gitlab-search
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data from GitLab resources such as issue titles, merge request descriptions, and code blobs. An attacker with access to a GitLab repository could inject malicious instructions into these fields to influence the agent's behavior when it searches those resources.
- Ingestion points: Results from
glab api "search?scope=..."calls. - Boundary markers: Absent. The skill does not implement delimiters or 'ignore' instructions for the data it retrieves.
- Capability inventory: The skill allows execution of
glabcommands andbashsubshells, providing a platform for further actions if an injection is successful. - Sanitization: Absent. Data returned from the GitLab API is processed directly by
jqand presented to the agent context. - [Data Exposure] (LOW): Workflow 4 explicitly demonstrates searching for sensitive strings like 'password', 'secret', and 'api_key'. While this is a common use case for security auditing, it actively brings sensitive credentials into the agent's working memory.
- [Command Execution] (SAFE): The skill uses
glab apiandbashfor its primary functions. It usesjqfor URI encoding (jq -Rr @uri) to safely construct URLs from user input, which is a defensive best practice for preventing command or path injection within the API calls.
Audit Metadata