code-review
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted external data into the agent's context.
- Ingestion points: The skill fetches data from GitLab including Merge Request descriptions (
glab mr view), file diffs (glab mr diff), issue details (glab issue view), and existing discussion threads (glab api). - Boundary markers: Absent. There are no instructions or delimiters provided to separate the agent's operational instructions from the external data being analyzed.
- Capability inventory: The agent has the ability to execute shell commands and perform write operations (posting comments and discussions) back to the GitLab API.
- Sanitization: Absent. The skill does not perform any validation or sanitization of the content retrieved from GitLab before processing it.
- [COMMAND_EXECUTION]: The skill uses multiple shell commands via
glabandgitto perform its primary functions. While these are necessary for the skill's purpose, they provide a capability surface that could be exploited if the agent's instructions are subverted by malicious content in a Merge Request.
Audit Metadata