update-mr-desc

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the GitLab CLI (glab), a well-known utility, to retrieve merge request diffs and update descriptions. This is the primary function of the skill and follows standard practices.
  • [PROMPT_INJECTION]: The skill is exposed to potential indirect prompt injection because it processes untrusted merge request diffs.
      ◦ Ingestion points: Diff content from glab mr diff in the 'Getting the diff' section.
      ◦ Boundary markers: No specific boundary markers are used to isolate the diff content from instructions.
      ◦ Capability inventory: The skill can execute shell commands (glab mr update) to modify remote MR descriptions.
      ◦ Sanitization: No sanitization is applied to the diff text before it is summarized by the model.
      ◦ Note: This risk is mitigated by the mandatory user confirmation requirement ('Updating the description' section), which prevents automated execution of potentially injected instructions without oversight.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 04:42 AM