Skills
skills/grandcamel/gitlab-assistant-skills/gitlab-protected-branch/Snyk

gitlab-protected-branch

Warn

Audited by Snyk on Feb 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly calls the GitLab API (e.g., "glab api projects/:id/protected_branches" in the "List Protected Branches" and workflow sections) and consumes branch protection data and branch names from GitLab projects (user-generated content) which the agent is expected to read and then act on (e.g., update/unprotect), so untrusted third-party content can influence tool actions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 20, 2026, 09:15 AM