gitlab
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified through ingestion of untrusted data from GitLab. Ingestion points: The skill reads external content via
glab mr view,glab issue list,glab pipeline ci trace, andgitlab_get_file_content. Boundary markers: No explicit delimiters or instructions are defined to prevent the agent from following instructions embedded in the retrieved content. Capability inventory: The skill possesses high-impact capabilities including shell command execution (glab,kubectl,helm,docker), pipeline triggers, and file modification. Sanitization: No evidence of sanitization or filtering of external input is present in the skill instructions. - [COMMAND_EXECUTION]: The skill uses various command-line interfaces for DevOps tasks. Evidence: Extensive use of
glab,kubectl,helm,docker, andcurlcommands for managing repositories and deployments. - [EXTERNAL_DOWNLOADS]: Fetches components from well-known and trusted sources. Evidence: References official and well-known Docker images (node, docker, bitnami/kubectl, aquasec/trivy) and uses the
@modelcontextprotocol/server-gitlabpackage for MCP integration.
Audit Metadata