gitlab-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFENO_CODEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of Markdown documentation and instructions, with no accompanying scripts, binaries, or automated code execution.
- [SAFE]: Authentication is handled via the RUBE_MANAGE_CONNECTIONS tool using GitLab's official OAuth flow; no hardcoded credentials or API keys are present.
- [EXTERNAL_DOWNLOADS]: The skill references an external MCP server endpoint (https://rube.app/mcp). This is the functional endpoint for the Rube toolkit and is disclosed transparently for setup.
- [INDIRECT_PROMPT_INJECTION]: This skill presents a surface for processing external data from GitLab. 1. Ingestion points: GitLab API outputs for project, issue, and merge request details. 2. Boundary markers: None specified in the instructions to isolate untrusted content. 3. Capability inventory: Modification of GitLab projects, issues, branches, and merge requests. 4. Sanitization: Not described in the documentation. This represents a standard risk for integration tools and no malicious patterns were detected.
Audit Metadata