Detects content in environment variables defined or modified inside Jenkins that could result in code execution in Windows batch scripts referencing those environment variables. Learn more.

If an unsafe environment variable is detected, and its value is different from that provided to the Jenkins process, the specified action is taken. This action ranges from only logging a warning (unsafe) to failing the Windows batch build step before it would execute the script.

Environment variable values containing any of the following characters are considered unsafe: |^&%"<>