gitlab

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE; flagged categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package via npm. This is a verified utility provided by the vendor (membrane) and is necessary for the skill to function.
  • [COMMAND_EXECUTION]: All GitLab operations are performed using the membrane command-line tool. The commands are limited to the intended functionality of managing GitLab projects, issues, and merge requests.
  • [INDIRECT_PROMPT_INJECTION]: The skill acts as an interface for GitLab data, which could potentially contain malicious content embedded in issue descriptions or project titles.
      • Ingestion points: Data is retrieved from GitLab via actions such as list-issues and get-project as defined in SKILL.md.
      • Boundary markers: None. There are no explicit instructions to the agent to disregard instructions found within the retrieved GitLab data.
      • Capability inventory: The agent can perform actions and proxy requests using membrane action run and membrane request.
      • Sanitization: No sanitization or validation of the external GitLab content is specified.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 08:59 AM