skills/witooh/skills/gitlab-copilot/Gen Agent Trust Hub

gitlab-copilot

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUM · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Potential shell command injection through the extraction of mr_id and repo_ref variables from user-supplied GitLab URLs. The skill's logic for parsing these values does not explicitly include validation or sanitization, and the extracted strings are passed as arguments to glab and git commands via the bash tool.
  • [PROMPT_INJECTION]: Vulnerability to indirect prompt injection. The skill ingests untrusted data from GitLab Merge Requests (titles, diffs, and existing comments) and includes this content directly in the prompts for specialized agents (Code Reviewer, Security, and QA).
      • Ingestion points: Merge Request metadata, diffs, and discussion threads fetched via glab mr view, glab mr diff, and glab mr note list in SKILL.md.
      • Boundary markers: The instructions use Markdown headers and triple-backticks to enclose the ingested data but lack explicit instructions to the processing agents to disregard instructions or commands contained within the MR content.
      • Capability inventory: The agent has access to the bash tool (shell execution), view (file system access), and the skill tool (invocation of other skills such as neo-team-copilot).
      • Sanitization: No sanitization or filtering of the ingested MR content is performed before it is interpolated into agent prompts.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 04:30 AM