gitlab-claude

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated content from GitLab merge requests (e.g., via glab mr view, glab mr diff, glab mr note list) and reads MR diffs/comments/logs as required inputs that directly influence review actions, agent prompts, and fixes, exposing it to untrusted third-party content that could inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches GitLab MR content at runtime (e.g., https://gitlab.com/group/subgroup/project/-/merge_requests/42) via the glab CLI and injects the fetched diffs/comments into subagent prompts, so external content directly controls the agent prompts and is a required dependency.