gitlab
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill provides instructions to update the Git remote URL with the
GITLAB_TOKENenvironment variable (e.g.,git remote set-url origin https://oauth2:${GITLAB_TOKEN}@gitlab.com/...). This practice results in the sensitive authentication token being stored in plain text in the.git/configfile on the local filesystem, where it may be exposed to other users or processes. - [COMMAND_EXECUTION]: The skill relies on shell commands, including
gitandcurl, to manage code repositories and interact with the GitLab API. - [PROMPT_INJECTION]: The skill facilitates an attack surface for indirect prompt injection (Category 8).
- Ingestion points: Data retrieved from the GitLab API or repository content via
curlandgitcommands (SKILL.md). - Capability inventory: Execution of shell commands (
git,curl) to perform repository operations (SKILL.md). - Boundary markers: There are no boundary markers or specific instructions provided to the agent to distinguish between its instructions and potentially malicious data fetched from external sources.
- Sanitization: No sanitization or validation mechanisms are described for processing data received from the GitLab environment.
Audit Metadata