Skills
skills/dedalus-erp-pas/hexagone-foundation-skills/gitlab-code-review/Gen Agent Trust Hub

gitlab-code-review

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from GitLab merge requests which could contain malicious instructions.
  • Ingestion points: The skill retrieves and processes untrusted data including merge request titles, descriptions, and code diffs (SKILL.md).
  • Boundary markers: The prompt instructions lack explicit delimiters or specific instructions to ignore instructions embedded within the merge request data.
  • Capability inventory: The skill has permissions to read arbitrary repository files and post notes or discussion threads to the GitLab instance (SKILL.md).
  • Sanitization: There is no evidence of sanitization or validation of the content fetched from the GitLab server before it is incorporated into the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 08:10 AM