Skills
skills/bowentan/super-agent/gitlab-mr-review/Gen Agent Trust Hub

gitlab-mr-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill exhibits a significant indirect prompt injection surface by ingesting untrusted external data.
  • Ingestion points: Merge request details and diffs are fetched via glab mr view and glab mr diff (SKILL.md, Workflow Step 3).
  • Boundary markers: No delimiters or instructions to ignore embedded commands are specified for the external data.
  • Capability inventory: The agent can execute shell commands (glab mr note) and post content back to an external platform (SKILL.md, Workflow Step 5).
  • Sanitization: No sanitization or escaping mechanisms are defined for the content before it is processed or used in shell commands.
  • COMMAND_EXECUTION (HIGH): The skill dynamically constructs and executes shell commands using external data.
  • Evidence: The instruction for the CLI workflow specifies using glab mr note [MR_IID] --message "..." where the message is the output of the AI's analysis (SKILL.md, Workflow Step 5). Although it suggests to "escape or quote appropriately," the logic relies on the agent's ability to safely handle potentially malicious strings from the MR diff/description, which is a classic command injection vector.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:36 PM