gitlab-issue
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to instructions embedded in GitLab issue titles, descriptions, or comments.
- Ingestion points: Data enters the agent context via the `glab issue view` and `glab issue list` commands.
- Boundary markers (absent): The skill does not define delimiters or specific instructions to help the agent distinguish between issue content and system instructions.
- Capability inventory: The skill allows execution of shell commands through the `Bash` tool, including creating and modifying resources.
- Sanitization (absent): No sanitization or filtering logic is present for data retrieved from external GitLab sources.
- [Command Execution] (LOW): Several commands (e.g., `glab issue create`, `glab issue note`) interpolate user-provided strings directly into shell command arguments. Without rigorous escaping by the tool execution environment, this could allow for local command injection via shell metacharacters.
Audit Metadata