gitlab-mr
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill facilitates interaction with the GitLab CLI (
glab) through the Bash tool. These operations (list, view, create, merge) are restricted to the intended GitLab functionality and do not exhibit signs of arbitrary command injection or privilege escalation. - [DATA_EXFILTRATION] (SAFE): While the skill reads and writes data to GitLab, there is no evidence of hardcoded credentials, unauthorized access to sensitive local files (like SSH keys or AWS configs), or exfiltration to untrusted third-party domains.
- [PROMPT_INJECTION] (LOW): As the skill ingests data from external sources such as Merge Request descriptions and comments, it is theoretically susceptible to indirect prompt injection.
- Ingestion points:
glab mr view <id> --commentsreads external user-generated content into the agent's context. - Boundary markers: Absent. The skill does not explicitly wrap the command output in delimiters.
- Capability inventory: The agent has the ability to execute Bash commands and modify MRs, which could be exploited if the LLM follows instructions hidden in MR comments.
- Sanitization: Not present in the skill's instructions. This is a common surface for such tools and is considered a low risk in this context.
Audit Metadata