gitlab-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the user to configure an external MCP server endpoint at https://rube.app/mcp. This involves connecting to a third-party service domain that is not included in the provided trusted vendors list.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). 1. Ingestion points: The agent ingests untrusted data from GitLab through tools such as GITLAB_LIST_PROJECT_ISSUES and GITLAB_GET_PROJECT_MERGE_REQUESTS. 2. Boundary markers: The instructions do not define boundary markers or include prompts to ignore instructions within the ingested data. 3. Capability inventory: The skill includes powerful write capabilities, such as GITLAB_CREATE_PROJECT_ISSUE, GITLAB_UPDATE_PROJECT_ISSUE, and GITLAB_CREATE_REPOSITORY_BRANCH, which could be abused if malicious instructions are processed. 4. Sanitization: There is no evidence of input sanitization or filtering for the content retrieved from GitLab before it is interpreted by the agent.
Audit Metadata