code-review
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's setup process involves installing Node.js dependencies via a standard registry and mentions an install.sh script for automated configuration of the MCP server environment.
- [COMMAND_EXECUTION]: The documentation provides instructions for the manual compilation and execution of the MCP server using npm install and npm run build, which are routine developer operations for this type of integration.
- [PROMPT_INJECTION]: The skill has an inherent exposure to indirect prompt injection (Category 8) due to its core function of processing external, untrusted content from GitLab merge requests.
  - Ingestion points: Untrusted data from GitLab (titles, descriptions, and code diffs) is brought into the agent's context through the get_merge_request and get_merge_request_diff tools in mcp-server/src/index.ts.
  - Boundary markers: Absent. The skill instructions in SKILL.md do not currently define explicit delimiters to isolate external content from the agent's internal analysis logic.
  - Capability inventory: The agent uses the fetched data to perform stylistic, logic, security, and performance analyses and summarizes its findings in a report.
  - Sanitization: The skill does not perform pre-processing or filtering of the fetched content, relying instead on the agent's internal reasoning during the analysis phase.
Audit Metadata