gitlab-copilot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests user-provided GitLab MR content (e.g., via glab mr view, glab mr diff, glab mr note list, and glab ci trace) as described in the SKILL.md MR Read/Review/Fix/CI-Fix workflows, and it reads existing MR comments and diffs into subsequent agent prompts and decision logic, exposing the agent to untrusted, user-generated third-party content that can alter actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches Merge Request content at runtime from GitLab URLs (e.g., https://gitlab.com/group/subgroup/project/-/merge_requests/42) and injects the retrieved diff and comments directly into the prompts for spawned specialist agents, so external content can control agent behavior.