gitlab-copilot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated GitLab content (MR JSON, diffs, notes/comments, and CI job logs) via glab commands like "glab mr view", "glab mr diff", "glab mr note list", and "glab ci trace", and it reads and acts on that content (summaries, spawning specialist agents, handoffs to neo-team-copilot, and automated fixes), so untrusted third-party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches GitLab merge request content at runtime from URLs like https://gitlab.com/group/subgroup/project/-/merge_requests/42 and injects the MR diff and comments directly into agent prompts (and uses that data to drive downstream agent actions), so external content controls the prompts.