gitlab

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly instructs the agent to fetch and read user-generated content from GitLab (e.g., pipeline logs via glab ci trace, MR comments via glab mr view --comments, and API searches like glab api "search?...") as part of its workflow, which could contain untrusted instructions that materially influence subsequent actions.