gitlab-cli
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by processing data from potentially untrusted external sources.
- Ingestion points: The agent is instructed to read GitLab issue comments, merge request discussions, and CI/CD trace logs in
SKILL.md. - Boundary markers: The skill does not define delimiters or specific instructions to treat external GitLab content as non-executable data.
- Capability inventory: The agent has access to powerful GitLab commands, including merging merge requests, creating/updating issues, and interacting directly with the GitLab REST and GraphQL APIs in
SKILL.md. - Sanitization: No sanitization or validation mechanisms are described for handling the content retrieved from GitLab.
- [COMMAND_EXECUTION]: The skill enables the agent to execute a wide variety of GitLab CLI (
glab) and API commands, including destructive operations like canceling jobs or making direct API requests to modify project state.
Audit Metadata