gitlab-release

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGH | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): The command glab release upload <tag> <file> provides a direct mechanism to send local files to a remote server. While intended for legitimate assets, it can be abused to exfiltrate sensitive files such as ~/.ssh/id_rsa, .env, or cloud credentials if the agent is coerced through prompt injection or malicious instructions.
  • [COMMAND_EXECUTION] (LOW): The skill uses the Bash tool to execute glab commands. Using a standard CLI tool minimizes the risk, but the skill relies on proper parameter sanitization, which is not explicitly defined in the skill logic.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from GitLab (release notes, tag names) which could contain hidden instructions targeting the agent.
      • Ingestion points: glab release view <tag>, glab release list.
      • Boundary markers: Absent. The agent processes the command output directly without delimiters.
      • Capability inventory: File reading, network upload (via glab), and release deletion.
      • Sanitization: Absent. There is no logic to filter or escape the contents of release notes or descriptions before they enter the agent's context.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 20, 2026, 09:15 AM