gitlab-wiki

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill reads untrusted wiki content from GitLab via the glab API. If an attacker places malicious instructions in a wiki page, the agent might process and follow them. Evidence:
      1. Ingestion points: glab api projects/:id/wikis/:slug (SKILL.md).
      2. Boundary markers: Absent.
      3. Capability inventory: Bash (glab), Read, Glob, Grep.
      4. Sanitization: Absent.
  • Command Execution (LOW): The skill uses the glab CLI for all operations and employs shell substitution for URI encoding of project paths and slugs.
  • Destructive Operations (LOW): The skill includes functionality to delete wiki pages, which could be exploited through indirect injection or agent error.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 09:15 AM