glab
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill exposes the full suite of GitLab CLI commands, granting the agent administrative control over projects, including repository deletion, member management, and the ability to change the authenticated instance or host via
glab auth loginandglab config. - [DATA_EXFILTRATION]: The agent has the capability to extract sensitive information including CI/CD variables via
glab variable exportand active authentication tokens throughglab auth token. Additionally, theglab apicommand's@filefeature allows reading local file contents and transmitting them to the GitLab API, potentially facilitating exfiltration of local sensitive data. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from GitLab (issues, merge requests, comments, and CI logs).
- Ingestion points: Data enters the context via
glab issue list,glab mr view,glab ci trace, and other read operations on GitLab project content. - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from executing instructions embedded within the fetched GitLab content.
- Capability inventory: The agent has extensive permissions to perform write operations, manage secrets, and execute arbitrary API calls through the
glabCLI. - Sanitization: No content sanitization or validation mechanisms are implemented for the data retrieved from GitLab.
Audit Metadata