Buildkite

Security checks across malware telemetry and agentic risk

Overview

This Buildkite skill is a disclosed OOMOL CLI integration for reading and managing builds, with no evidence of hidden behavior or malware.

Install only if you intend to let the agent operate Buildkite through your OOMOL-connected account. Confirm exact organization, pipeline, build number, and payload before create, rebuild, or cancel actions, since those can affect CI/CD runs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: This action documentation describes how to cancel a Buildkite build but does not warn users that the operation is destructive and may terminate in-progress CI/CD work. In an agent-driven context, missing friction or confirmation language increases the chance of accidental cancellation, service disruption, and interruption of deployment or test pipelines.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal