glab
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for modifying user shell profiles (~/.bashrc, ~/.zshrc) to persist environment variables and configuration settings.\n- [COMMAND_EXECUTION]: Includes commands that require elevated privileges or write to system-protected paths, such as installing completion scripts into /etc/bash_completion.d/.\n- [COMMAND_EXECUTION]: Explicitly references the use of sudo for system package management and updates.\n- [DATA_EXFILTRATION]: Documents procedures for exporting potentially sensitive CI/CD variables to local files and uploading local files to GitLab as snippets.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from external GitLab resources.\n
- Ingestion points: Data enters the context from GitLab issues, merge requests, and API responses (e.g., in SKILL.md and references/commands-detailed.md).\n
- Boundary markers: No specific boundary markers or instructions are provided to distinguish between data and instructions.\n
- Capability inventory: The skill uses the Bash tool, allowing for the execution of arbitrary commands if malicious input is interpreted as an instruction.\n
- Sanitization: No evidence of data sanitization or input validation exists in the provided scripts or instructions.
Audit Metadata