The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides numerous tools for interacting with GitLab APIs, including administrative and destructive actions such as merge_merge_request, push_files, delete_issue, and create_pipeline. These capabilities allow for significant modification of the repository and its workflows.
[PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection by processing untrusted external content. 1. Ingestion points: Reads merge request diffs (get_merge_request_file_diff), issue content (get_issue), and pipeline logs (get_pipeline_job_output). 2. Boundary markers: There are no instructions or delimiters defined to separate or ignore potentially malicious content within the retrieved data. 3. Capability inventory: The skill has high-privilege access, including the ability to write to the repository, merge code, and trigger pipelines. 4. Sanitization: There is no evidence of input validation or content sanitization before the data is processed by the agent.

gitlab-mcp-skill