gitlab-ci
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill facilitates the execution of legitimate GitLab CLI commands (`glab`). These commands are standard for CI/CD management and operate within the context of the user's authenticated session.
- [INDIRECT_PROMPT_INJECTION] (LOW): This skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources.
  - Ingestion points: Commands like `glab ci trace` and `glab ci view` pull live logs and terminal output from GitLab runners, which are controlled by the code being tested in the pipeline.
  - Boundary markers: The instructions do not define clear delimiters or use 'ignore embedded instructions' markers for the logs being processed.
  - Capability inventory: The agent has high-impact capabilities including triggering new pipelines with variables (`glab ci run --variables=...`) and deleting pipelines/jobs (`glab ci delete`).
  - Sanitization: There is no evidence of log sanitization or validation of the content returned from the trace/view commands before the agent continues the conversation.
- [DATA_EXPOSURE] (SAFE): While the skill can download artifacts using `glab ci artifact`, this is the primary purpose of the tool. It does not attempt to access sensitive system files like SSH keys or AWS credentials.
Audit Metadata