gitlab
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted input fields like 'issue_title' and 'issue_description' while possessing high-privilege capabilities such as triggering CI/CD pipelines (SKILL.md). There are no boundary markers or instructions to ignore embedded commands, creating a risk where a malicious GitLab issue could influence the agent's behavior.
- [Command Execution] (MEDIUM): The skill requires the execution of shell commands via the 'refly' CLI tool to run workflows and manage status (SKILL.md).
- [External Downloads] (MEDIUM): The skill is installed from an external registry (refly.ai) which is not listed as a trusted source (README.md).
Recommendations
- AI detected serious security threats
Audit Metadata