glab
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill provides standard command-line instructions for the glab utility. All commands are legitimate GitLab operations for project management.
- [DATA_EXFILTRATION] (SAFE): References to authentication tokens (GITLAB_TOKEN) are provided for context on standard authentication procedures. No hardcoded credentials or unauthorized data transmission patterns were found.
- [PROMPT_INJECTION] (SAFE):
  1. Ingestion points: The skill facilitates reading external content from GitLab (MRs, issues, logs).
  2. Boundary markers: None specified in the documentation.
  3. Capability inventory: Includes GitLab API access and resource modification commands.
  4. Sanitization: The surface is inherent to the skill's purpose as a GitLab interface; no instructions for bypassing agent constraints or malicious prompt interpolation were found.