gitlab-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to call GitLab APIs (e.g., GITLAB_LIST_PROJECT_ISSUES, GITLAB_GET_PROJECT_MERGE_REQUESTS, GITLAB_LIST_REPOSITORY_COMMITS) to fetch and read issue/merge request/commit content from GitLab, which is user-generated/untrusted third-party content and can influence subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires connecting at runtime to the MCP endpoint https://rube.app/mcp to fetch current tool schemas via RUBE_SEARCH_TOOLS, which can directly change the agent's available tools/instructions and is therefore a runtime external dependency that controls agent behavior.