gitlab

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches user-generated content from third-party GitLab instances via API calls (e.g., curl to https://$GITLAB_HOST/api/v4/projects/.../issues and /merge_requests) and uses that content in workflows that can trigger actions (creating/updating/merging), so untrusted web-hosted content could influence agent behavior.