gitlab-ci

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [Unverifiable Dependencies & Remote Code Execution] (CRITICAL): The skill documentation includes a command to download and execute a shell script from a remote URL with root privileges: curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh | sudo bash. Since the source is not in the Trusted External Sources list, this is a high-risk operation that bypasses verification.
  • [Privilege Escalation] (HIGH): The provided runner configuration (config.toml) sets privileged = true and mounts /var/run/docker.sock. This allows any job executed by the runner to escape the container and gain root access to the host machine.
  • [Persistence Mechanisms] (HIGH): The skill guides the user to install the gitlab-runner as a system service using sudo apt install and sudo gitlab-runner register, establishing a persistent background process that can execute arbitrary code received from the GitLab controller.
  • [Indirect Prompt Injection] (HIGH): Ingestion points: The skill uses include to pull in external CI/CD templates from other projects and remote templates. Boundary markers: Absent. Capability inventory: The runner has the capability to execute arbitrary shell commands via the script parameter. Sanitization: Absent. This creates a large attack surface where external project maintainers can inject malicious commands into the pipeline context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 01:16 PM