gitlab-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted data from GitLab.
  - Ingestion points: External content is fetched from GitLab issues, merge requests, and commit logs via tools such as GITLAB_LIST_PROJECT_ISSUES and GITLAB_GET_PROJECT_MERGE_REQUESTS.
  - Boundary markers: No explicit delimiters or instructions are provided to separate user-controlled content from system prompts.
  - Capability inventory: The skill possesses extensive capabilities to modify the project state, including creating branches (GITLAB_CREATE_REPOSITORY_BRANCH) and updating issues (GITLAB_UPDATE_PROJECT_ISSUE).
  - Sanitization: There is no mention of sanitization or validation for ingested data.
- [EXTERNAL_DOWNLOADS]: The skill requires the use of an external third-party service provider.
  - Evidence: Users are instructed to add https://rube.app/mcp as an MCP server endpoint to provide the necessary tool functionality.