gitlab-badge

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes the standard glab CLI to interact with the GitLab API. Commands are well-structured, use proper quoting for shell variables, and do not show signs of arbitrary command injection.
  • [DATA_EXPOSURE] (SAFE): No sensitive credentials, tokens, or private file paths are hardcoded or accessed. The skill relies on the user's existing glab authentication.
  • [PROMPT_INJECTION] (SAFE): No instructions were found that attempt to override the AI agent's core instructions or safety filters.
  • [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill processes data from external API responses (GitLab badge metadata), it employs jq for parsing and @uri for encoding project paths, which mitigates common injection risks during data handling.
  • [REMOTE_CODE_EXECUTION] (SAFE): There are no patterns involving the download and execution of external scripts (e.g., curl | bash).
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 09:15 AM