gitlab-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to call GitLab toolkit APIs (e.g., GITLAB_LIST_PROJECT_ISSUES, GITLAB_GET_PROJECT_MERGE_REQUESTS, GITLAB_LIST_PROJECT_PIPELINES) to fetch and act on issues, merge requests, pipeline jobs and other user-generated content from a connected GitLab instance, meaning untrusted third‑party content is read/interpreted and can influence subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires connecting to the Rube MCP server (https://rube.app/mcp) and explicitly instructs calling RUBE_SEARCH_TOOLS at runtime to fetch current tool schemas that directly determine the agent's tool prompts/behavior, making this a required external runtime dependency that controls agent instructions.