gitlab
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs API interactions by executing curl commands wrapped in bash -c, which is used to ensure environment variables are correctly propagated during piped operations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its interaction with untrusted external content. 1. Ingestion points: Data retrieved from GitLab endpoints including projects, issues, merge requests, and user profiles in SKILL.md. 2. Boundary markers: The skill does not implement delimiters or instructions to treat data from the GitLab API as untrusted. 3. Capability inventory: Uses bash, curl, and jq for processing; includes file writing to /tmp/gitlab_request.json and /tmp/gitlab_search.txt (SKILL.md). 4. Sanitization: Outgoing data is handled via JSON files to prevent shell injection, but incoming data from API responses is not sanitized before being returned to the agent context.
Audit Metadata