gitlab-kiro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches GitLab merge request diffs, notes/comments, and CI job logs via commands like glab mr view, glab mr diff, glab mr note list, and glab ci trace (see SKILL.md workflows), and then injects those untrusted, user-generated contents into specialist-agent prompts and decision logic (parallel review, fix/CI-fix handoffs), so third-party text can materially influence actions.