The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill possesses an indirect prompt injection surface. Ingestion points: User-provided inputs such as group names, descriptions, and user IDs in file SKILL.md. Boundary markers: The skill uses jq -Rr @uri to encode group paths, providing partial protection. However, other fields like descriptions lack explicit boundary markers or directives to ignore embedded instructions. Capability inventory: The skill uses the Bash tool to execute glab commands, which include destructive capabilities like deleting groups and removing members. Sanitization: Partial sanitization is present via jq for URL components, but the skill does not explicitly sanitize all user-controlled strings against shell injection.

gitlab-group