gitlab-copilot

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface.
      • Ingestion points: In SKILL.md, the MR Review, MR Fix, and MR Feedback workflows fetch untrusted data from external sources using 'glab mr diff' and 'glab mr note list'.
      • Boundary markers: In Step 3 of the MR Review Workflow, diff and comment data are interpolated into specialist agent prompts using Markdown headers like '## Diff' but lack explicit instructions or robust delimiters to prevent the agent from obeying instructions embedded within that data.
      • Capability inventory: The skill has significant capabilities in SKILL.md, including executing shell commands via the bash tool (git/glab interaction), posting notes to GitLab, and invoking external skills like 'neo-team-copilot' to perform automated code modifications.
      • Sanitization: There is no evidence of logic to sanitize or validate the content of git diffs or external comments before they are presented to the specialist agents.
  • [COMMAND_EXECUTION]: The skill heavily relies on executing shell commands to perform its primary tasks.
      • Evidence: Found throughout SKILL.md, specifically using the bash tool for commands such as 'git push', 'glab mr create', 'glab ci trace', and 'glab mr note' to interact with the repository and CI environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 02:36 AM