gitlab-discussion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs using glab api to fetch GitLab discussions (e.g., "List MR discussions" and "Workflow 2: Resolve All Discussions" which call glab api projects/:id/.../discussions), thereby ingesting user-generated discussion bodies that the workflows read and act on (list, summarize, resolve), so third-party content can influence agent actions.