gitlab-epic-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a high-risk vulnerability surface by processing external enterprise data while possessing high-privilege tool access.
- Ingestion points: User requests and repository data related to "gitlab epic creator" (SKILL.md).
- Boundary markers: Absent; there are no delimiters or instructions provided to the agent to ignore instructions embedded in the data it processes.
- Capability inventory: The skill metadata explicitly requests
Bash,Write,Edit, andReadpermissions (SKILL.md). - Sanitization: Absent; no input validation or filtering logic is defined to prevent malicious payloads from influencing the agent's behavior.
- Command Execution (MEDIUM): The skill requests access to the
Bashtool in its metadata. While no specific scripts are included in this file, the granting of shell access to a skill that auto-activates on user-controlled strings is a significant security risk. - No Code (INFO): The analyzed file contains only metadata and descriptive markdown; no functional scripts or executable code blocks were found to verify the safe usage of the requested tools.
Recommendations
- AI detected serious security threats
Audit Metadata