The Agent Skills Directory

[COMMAND_EXECUTION]: The skill's primary function is the execution of shell commands using the glab, git, and curl binaries. These operations are the core mechanism for its GitLab integration and are clearly documented with specific safety tiers and confirmation requirements for destructive actions.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it fetches and processes untrusted data from remote GitLab projects. 1. Ingestion points: The agent retrieves potentially attacker-controlled data such as repository file contents, issue descriptions, and merge request notes via glab api and glab mr view. 2. Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to prevent the agent from interpreting embedded malicious content as instructions. 3. Capability inventory: The agent has the ability to execute CLI commands, perform network requests via curl, and modify project state. 4. Sanitization: There are no requirements to sanitize or validate external content before it is incorporated into the agent's context.
[CREDENTIALS_UNSAFE]: The skill contains procedures that handle sensitive authentication tokens in a manner that could lead to exposure. It suggests using the --token flag in glab auth login, which places the secret in the shell's command history. Furthermore, it instructs the agent to extract tokens using glab auth status -t and pass them in plain text within curl headers, potentially exposing them in system process lists or insecure logging environments.

glab