gitlab
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill provides instructions to include the GITLAB_TOKEN in the git remote URL (e.g., https://oauth2:${GITLAB_TOKEN}@gitlab.com/...), which results in the sensitive token being stored in plain text within the local .git/config file.
- [COMMAND_EXECUTION]: The skill triggers standard system commands including git (checkout, add, commit, push) and curl to perform repository tasks and API interactions.
- [DATA_EXFILTRATION]: The skill transmits data to gitlab.com via the GitLab API and git operations. As GitLab is a well-known technology service, this interaction is considered safe and necessary for the skill's stated purpose.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing data from external GitLab repositories. (1) Ingestion points: Git repository content and merge request metadata. (2) Boundary markers: None present in the prompt instructions. (3) Capability inventory: Subprocess execution via git and network access via curl. (4) Sanitization: No explicit content sanitization is defined for processed data.
Audit Metadata