gitlab-variable
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill is designed to manage and retrieve CI/CD secrets. Commands such as
glab variable get <key>andglab variable exportprovide the agent with direct access to raw secret values and private configuration data. - [COMMAND_EXECUTION] (MEDIUM): The skill's documentation explicitly suggests using
eval $(glab variable export). This is a dangerous pattern that executes the output of a command which may contain externally-controlled data (variable values), potentially leading to arbitrary command execution if a variable name or value is maliciously crafted. - [DATA_EXFILTRATION] (MEDIUM): The
exportandlistfunctionalities allow for bulk extraction of sensitive repository metadata and secrets. If the agent's behavior is redirected via prompt injection, these tools facilitate the rapid exfiltration of an organization's entire CI/CD secret store. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted data from an external source (GitLab CI variables).
- Ingestion points: CI/CD variable keys and values are ingested through
glab variable listandglab variable get. - Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the variable values.
- Capability inventory: The skill possesses powerful capabilities including Bash execution and full CRUD (Create, Read, Update, Delete) access to GitLab variables.
- Sanitization: No sanitization or validation of variable content is performed before the data is returned to the agent context.
Recommendations
- AI detected serious security threats
Audit Metadata