gitlab-claude

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run glab and git commands. This includes operations that modify remote state, such as git push, glab mr create, and glab mr note. These actions are performed across all workflows defined in SKILL.md.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from GitLab and passing it to sub-agents.
  • Ingestion points: In SKILL.md, the 'MR Review', 'MR Fix', 'MR CI Fix', and 'MR Feedback' workflows fetch untrusted content including MR metadata (glab mr view), code diffs (glab mr diff), user comments (glab mr note list), and pipeline logs (glab ci trace).
  • Boundary markers: The skill uses markdown headers and horizontal rules (e.g., ## Diff, ---) to delineate data from instructions in agent prompts. However, there are no specific escaping mechanisms or instructions to the agents to ignore potential commands embedded in the diffs or comments.
  • Capability inventory: The skill is granted Bash, Read, and Agent tools, enabling it to execute system commands, read local files, and spawn sub-agents with specific prompts.
  • Sanitization: There is no evidence of sanitization or content filtering for the data retrieved from GitLab before it is used in LLM prompts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 20, 2026, 10:09 AM
Security Audit — agent-trust-hub — gitlab-claude