code-review
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and analyze untrusted content from GitLab Merge Requests, which could contain malicious instructions meant to override agent behavior.
- Ingestion points: GitLab Merge Request details, branch names, and code changes fetched via Zapier MCP.
- Boundary markers: Absent; there are no specified delimiters or instructions to treat MR content as purely data.
- Capability inventory: The skill is granted 'read' and 'write' tool permissions, which could be exploited if an injection is successful.
- Sanitization: No sanitization or validation of the external MR data is described in the instructions.
Audit Metadata