create-gitlab-ci
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides templates for generating standard GitLab CI/CD pipelines including linting, testing, and deployment stages.
- [SAFE]: The templates include remote script execution to install Composer from the official and well-known source
https://getcomposer.org/installer. - [SAFE]: Deployment templates use SSH with the
-o StrictHostKeyChecking=noflag; this is a common best-practice violation in automated environments and does not indicate malicious intent. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its analysis of untrusted project data.
- Ingestion points: The skill analyzes
composer.jsonand existing.gitlab-ci.ymlfiles as part of its project analysis step. - Boundary markers: Absent. There are no instructions to the agent to treat content from project files as untrusted or to use delimiters.
- Capability inventory: The skill uses project analysis to decide which tools and configurations to generate in the final pipeline.
- Sanitization: Absent. The skill does not mention any validation or filtering of content ingested from the project files.
Audit Metadata