glab-resolve
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from GitLab MR comments. An attacker could embed instructions in comments to manipulate the agent during the 'implement modifications' phase.
  - Ingestion points: Comments fetched via 'glab api' in 'scripts/fetch_discussions.sh'.
  - Boundary markers: None detected in the prompt logic.
  - Capability inventory: File modification, build command execution, and test execution.
  - Sanitization: None performed on the fetched comment body.
- [COMMAND_EXECUTION]: The skill requires the agent to execute build and test commands (e.g., '编译通过' ("build passes"), '单元测试通过' ("unit tests pass")). This creates a risk if the preceding code changes were influenced by malicious instructions from MR comments.
- [COMMAND_EXECUTION]: The skill runs local bash scripts that invoke the GitLab CLI with user-provided identifiers, representing an intended but powerful system interaction capability.