gitlab
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to use standard CLI tools including
gitandcurl. These are intended for legitimate version control tasks such as switching branches, committing changes, and pushing code to GitLab repositories. - [PROMPT_INJECTION]: The skill exposes the agent to indirect prompt injection vulnerabilities because it processes untrusted data from external sources (GitLab repositories and merge requests) without implementing boundary markers or sanitization. Ingestion points include repository file content and merge request data, and capabilities include shell execution via
gitandcurl. This is documented as a structural risk inherent to the skill's purpose.
Audit Metadata