gitlab-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md instructs the agent to run glab api search calls (e.g., "glab api 'search?scope=blobs&search=TODO'" and group/project search commands) to fetch issues, code blobs, comments, and wiki content from GitLab — all user-generated third-party content that the skill explicitly tells the agent to read/parse in its workflows, so external content could carry instructions that influence subsequent actions.