gitlab-ci-patterns
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill provides templates that interpolate external data (repository code, commit messages, or user-provided variables) into high-privilege execution environments (Kubernetes, Terraform, Docker).
- Ingestion Points: Pipeline triggers and variables derived from repository content or environment variables.
- Boundary Markers: None. The patterns lack delimiters or sanitization logic for interpolated strings.
- Capability Inventory: Full command execution (npm run), cloud infrastructure modification (terraform apply), and container orchestration (kubectl apply).
- Sanitization: None provided. The agent is expected to populate these templates without explicit safety constraints.
- Dynamic Execution (MEDIUM): The 'Dynamic Child Pipelines' section demonstrates a pattern where a Python script generates a YAML configuration that is subsequently executed as a child pipeline. This creates a secondary execution layer that is difficult to audit and can be exploited to run arbitrary logic if the generation script is compromised or receives malicious input.
- Security Best Practice Violation (LOW): The Kubernetes deployment template includes --insecure-skip-tls-verify=true. This disables certificate validation, making the pipeline vulnerable to Man-in-the-Middle (MitM) attacks during deployment to production or staging environments.
Recommendations
- AI detected serious security threats