gitlab-repo
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill implements destructive commands like `glab repo delete` and specifically documents the `-y, --yes` flag to bypass confirmation prompts. In an autonomous agent context, this creates a significant risk of accidental or malicious data loss.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from external sources (GitLab project metadata, search results) and possesses high-impact capabilities through the `Bash` tool. A malicious project could use its name or description to attempt to influence the agent's logic.
  - Ingestion points: `glab repo search`, `glab repo view`, and `glab repo contributors` output.
  - Boundary markers: Absent. No specific instructions are provided to the agent to treat external project data as untrusted.
  - Capability inventory: Full `Bash` tool access, file read/write through `glab` operations.
  - Sanitization: No input validation or sanitization of repository paths or names is mentioned.
- [EXTERNAL_DOWNLOADS] (SAFE): While the skill depends on the external `glab` binary being present on the system, it does not attempt to download or install it at runtime.