to-be-continuous-catalog
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of a global NPM package
gitlab-catalog-browser. This downloads code from the public NPM registry at runtime. - [COMMAND_EXECUTION]: The skill executes multiple shell commands to install the CLI, check versions, and interact with the GitLab catalog (e.g.,
npm install -g,gitlab-catalog-browser catalog list). - [REMOTE_CODE_EXECUTION]: The command
gitlab-catalog-browser skills get to-be-continuous-catalogfetches workflows and reference material from a remote source and loads them into the agent's context. This constitutes dynamic loading of instructions from a remote repository managed by the CLI tool. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process data from the GitLab CI/CD component catalog (inputs, job definitions, schemas). While the skill includes instructions to treat this as data, malicious metadata in a public GitLab component could attempt to influence the agent's behavior.
- Ingestion points:
gitlab-catalog-browser catalog info,component inputs,component jobs,component workflows(SKILL.md). - Boundary markers: The skill explicitly instructs the agent to treat external content as DATA, not instructions.
- Capability inventory: Global package installation (
npm install -g), shell command execution, and remote instruction fetching. - Sanitization: No explicit sanitization or validation of the fetched component specifications is performed beyond the CLI's internal logic.
Audit Metadata