gitlab-ci-pipeline-configuration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill contains no malicious patterns, obfuscation, or unauthorized data access. The provided YAML examples follow official GitLab CI documentation standards.- [INDIRECT_PROMPT_INJECTION] (LOW): The skill provides the agent with capabilities to read and modify CI configuration files, creating a surface for indirect prompt injection if an existing config file contains malicious instructions.
- Ingestion points: Accesses pipeline files via Read and Glob tools.
- Boundary markers: Absent in provided examples.
- Capability inventory: Uses Bash, Write, and Edit tools to modify files and potentially execute commands.
- Sanitization: None specified for input data.- [COMMAND_EXECUTION] (SAFE): Although the Bash tool is enabled, its usage in the documentation is limited to standard build and test scripts (e.g., npm ci, npm run test). No suspicious command patterns like piped remote execution or privilege escalation were found.
Audit Metadata