gitlab
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using
curlandjqto interact with the GitLab API. These operations are limited to standard API endpoints and use environment variables for configuration. - [EXTERNAL_DOWNLOADS]: Data is fetched from the GitLab API at the location specified by the user's
GITLAB_URLenvironment variable. This is necessary for the skill's functionality and does not involve downloading executable scripts. - [CREDENTIALS_UNSAFE]: The skill uses the
GITLAB_TOKENenvironment variable for authentication. This is a secure practice as it avoids hardcoding sensitive credentials directly in the skill file. - [PROMPT_INJECTION]: The skill processes data from GitLab, such as merge request descriptions and job logs. This represents a surface for indirect prompt injection, but the skill itself does not contain instructions to bypass safety guidelines or override agent behavior.
Audit Metadata