Skills
skills/dedalus-erp-pas/foundation-skills/gitlab-issue/Gen Agent Trust Hub

gitlab-issue

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the glab command-line interface to perform operations such as creating, viewing, and updating issues. This involves the agent executing shell commands with parameters derived from project identifiers, titles, and descriptions provided by the user.
  • [DATA_EXFILTRATION]: The skill connects to a self-hosted GitLab instance at https://gitlab-erp-pas.dedalus.lan. This involves transmitting project metadata, user IDs, and issue content to an external server. This communication is consistent with the skill's primary purpose and targets infrastructure associated with the author (Dedalus).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from GitLab that could contain malicious instructions.
  • Ingestion points: Data enters the agent's context through commands like glab issue view, glab issue list, and glab mr list as described in SKILL.md.
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when the agent processes the output of GitLab CLI commands.
  • Capability inventory: The skill has the capability to execute commands via glab to modify issues, create notes, or change issue states (SKILL.md).
  • Sanitization: There is no mention of sanitizing or validating the content retrieved from GitLab before it is interpreted or used by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 07:54 AM
Security Audit — agent-trust-hub — gitlab-issue