skills/acedatacloud/skills/gitlab/Gen Agent Trust Hub

gitlab

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it interacts with untrusted GitLab content.
    • Ingestion points: Untrusted data enters the agent context through tools that read GitLab issue descriptions, merge request comments, and raw repository files (e.g., glab issue view, glab mr view, and glab api .../repository/files/.../raw).
    • Boundary markers: The skill provides no delimiters or instructions to treat the fetched GitLab content as untrusted or to ignore instructions embedded in it.
    • Capability inventory: The skill allows high-impact actions, including merging merge requests (glab mr merge), approving merge requests (glab mr approve), and modifying issues (glab issue note, glab issue close).
    • Sanitization: There is no evidence that the fetched external data is sanitized or validated before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 12:51 PM