gitlab

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches GitLab merge request data (via the glab commands in "Step 1: Fetch" in SKILL.md, e.g., glab mr view / glab mr diff) and injects the full MR diff into the prompts for parallel subagents and into the generated comment, so untrusted user-generated MR content from public GitLab URLs is directly read and can influence agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches MR diffs at runtime from user-supplied GitLab URLs (e.g., https://gitlab.com/group/subgroup/project/-/merge_requests/42) using glab mr diff and injects that fetched diff into agent prompts, so remote repository content can directly control the model's instructions.