skills/oldwinter/skills/gitlab-cli/Gen Agent Trust Hub

gitlab-cli

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
  • Data Exposure & Exfiltration (HIGH): The script scripts/export_variables.sh is designed to leak secrets. It runs glab variable export, which retrieves all project or group environment variables (including those marked as 'masked' in the UI), saves them to a local file, and then executes cat "$OUTPUT". This action prints raw credentials, API tokens, and private keys into the agent's output stream.
  • Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection because it reads and processes content from untrusted external sources.
      • Ingestion points: Untrusted data is ingested via glab issue view, glab mr view, and glab ci trace (job logs).
      • Boundary markers: Absent. The agent receives the raw CLI output without delimiters or instructions to treat the content as untrusted data.
      • Capability inventory: The skill possesses highly sensitive capabilities, including repository deletion (glab repo delete --yes), variable manipulation (glab variable set), and CI/CD execution (glab ci run).
      • Sanitization: None. The skill does not filter or sanitize the content of issues, merge requests, or logs before processing them.
  • Command Execution (MEDIUM): The skill provides a functional wrapper for the glab CLI, granting the agent the ability to execute a wide array of administrative commands on internal infrastructure (192.168.10.117). While this is the intended purpose, the inclusion of the --yes flag in documentation and scripts increases the risk of accidental or malicious destructive actions.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:04 PM