meeting
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources.\n
- Ingestion points: Fetches issue descriptions and comments via gitlab-mcp and reads local code files to establish meeting context in Step 1.\n
- Boundary markers: Untrusted content is interpolated directly into sub-agent prompts in Step 3 without safety delimiters or instructions to ignore embedded commands.\n
- Capability inventory: The skill uses gitlab-mcp tools (create_issue_note, update_issue, create_merge_request) and the gh CLI, allowing it to modify project metadata and state.\n
- Sanitization: There is no evidence of sanitization or filtering of external data before it is presented to the sub-agents.\n- [COMMAND_EXECUTION]: The skill executes shell commands and modifies the file system during the implementation phase.\n
- It uses the gh CLI to interact with GitHub issues.\n
- It performs git operations (branching, committing, pushing) to implement recommendations. These actions are protected by a requirement for explicit user validation in Step 5.
Audit Metadata