gitlab-badge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches badge data via glab api (e.g., "glab api projects/$source_project/badges" and the preview/render endpoint) and reads/uses fields like .rendered_image_url and .rendered_link_url (often pointing to external sites such as shields.io or arbitrary URLs) to generate markdown, copy badges to other projects, and create/update badges—i.e., it ingests untrusted, user-provided third‑party content that can influence actions.