gitlab-ci-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Handling GitLab CI/CD Documentation Lookup" workflow explicitly instructs the agent to use web.search_query and web.open (and Context7) to fetch and extract content from external documentation pages (e.g., docs.gitlab.com and other web results), meaning the agent will ingest and act on untrusted public third‑party content when generating pipelines.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime external lookups (web.search_query / web.open) against https://docs.gitlab.com to extract documentation that is injected into the agent's context and used to control pipeline-generation instructions, so this runtime fetch from docs.gitlab.com directly influences prompts.