gitlab-copilot
Warn
Audited by Socket on Mar 23, 2026
1 alert found:
Security, MEDIUM: SKILL.md
SUSPICIOUS: purpose and GitLab-centric capabilities mostly align, and the external CLI provenance appears official. The main risk comes from transitive delegation to another skill plus autonomous repo actions and processing of untrusted MR content that can lead to code changes, pushes, comments, approvals, and pipeline retries. Not malicious on its face, but higher-risk than a simple read-only GitLab helper.
Confidence: 89%
Severity: 74%