gitlab
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it fetches and processes content from external, potentially untrusted sources (GitLab MRs, issues, and CI logs) and uses that information to inform subsequent agent actions.
  - Ingestion points: Untrusted data enters the agent context via commands like `glab mr view --comments`, `glab ci trace <job-name>`, `glab issue view`, and `glab mr diff` in SKILL.md.
  - Boundary markers: Absent. The skill does not provide delimiters or instructions for the agent to ignore potential commands embedded within the data retrieved from GitLab.
  - Capability inventory: The skill allows for significant repository modifications, including `glab mr create`, `glab mr merge`, `git push`, and `glab variable set` in SKILL.md.
  - Sanitization: Absent. There are no instructions to sanitize or validate the content retrieved from GitLab before the agent interprets or acts upon it.
Audit Metadata