gitlab

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to call the GitLab REST API (e.g., https://gitlab.com or a self-hosted GitLab) to list and fetch project issues, merge requests, comments, and other user-generated content (see "List Project Issues", "Get Issue Details", "List Merge Requests", etc.), which the agent would read and could use to make decisions or perform actions like merging MRs—exposing it to untrusted third-party content.