gitlab-container
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Command Execution (MEDIUM): The example for project-path based repository listing is vulnerable to shell injection. It uses a subshell construction: $(echo 'input' | jq ...). An attacker can provide an input containing a single quote (e.g., "' ; ; '") to terminate the echo string and execute arbitrary shell commands on the host.
- Prompt Injection (LOW): The skill ingests untrusted user input for project and repository identifiers. Evidence Chain: 1. Ingestion points: project/repo IDs in shell commands. 2. Boundary markers: None. 3. Capability inventory: GitLab API access and Bash execution. 4. Sanitization: Uses jq URI encoding but fails to prevent shell-level injection in the current pattern.
Audit Metadata