gitlab-milestone

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect prompt injection surface detected through GitLab data ingestion.
      • Ingestion points: The skill ingests untrusted data from the GitLab instance via glab milestone list and glab issue list commands (SKILL.md).
      • Boundary markers: Absent; data retrieved from external sources is not wrapped in protective delimiters or accompanied by instructions to ignore embedded commands.
      • Capability inventory: The skill uses Bash to execute glab commands and perform shell processing (SKILL.md).
      • Sanitization: Absent; the shell loop in Workflow 2 pipes output directly from a list command into an update command without validation or escaping.
  • [COMMAND_EXECUTION] (SAFE): The command usage is restricted to the glab binary for its intended administrative purpose. No arbitrary shell execution or unsafe user input interpolation into sensitive commands was detected.
  • [DATA_EXFILTRATION] (SAFE): No network exfiltration patterns or communication with non-whitelisted domains were identified. Data operations are confined to the user's GitLab environment.
  • [EXTERNAL_DOWNLOADS] (SAFE): No remote scripts or packages are downloaded or executed during the skill's runtime.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 20, 2026, 09:15 AM