gitlab
Fail
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation instructs users to install the 'orbit' CLI using the command `curl -sSfL https://raw.githubusercontent.com/jorgemuza/orbit/main/install.sh | sh`. This pattern downloads and executes a remote script with the user's privileges without any prior verification or checksum validation, which is a high-risk practice for remote code execution.
- [COMMAND_EXECUTION]: The skill's core functionality is built around the execution of the external 'orbit' CLI tool. The agent is instructed to run various shell commands (e.g., `orbit -p <profile> gl ...`) to interact with GitLab services and local configuration files.
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection because it fetches and processes content from external GitLab resources such as merge requests, issues, and comments.
  1. Ingestion points: Content from GitLab API retrieved via commands like `gl mr view`, `gl mr notes`, and `gl issue view` (SKILL.md, references/commands.md).
  2. Boundary markers: No delimiters or specific instructions are provided to the agent to ignore potentially malicious content within the fetched data.
  3. Capability inventory: The skill can execute shell commands via the 'orbit' CLI, access the network to call GitLab APIs, and read the user's local configuration at `~/.config/orbit/config.yaml`.
  4. Sanitization: No sanitization, escaping, or validation of the remote content is implemented before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/jorgemuza/orbit/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata