GitLab

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed GitLab connector that can read GitLab data and create issues through OOMOL, with write actions requiring confirmation.

Install only if you trust OOMOL to broker your GitLab connection. Review the GitLab scopes granted to the connected account, and confirm issue-creation payloads before allowing writes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill description instructs agents to use this skill for ANY GitLab request, creating a very broad trigger surface that can cause unintended activation and over-reliance on this connector. In multi-tool environments, this can route unrelated or more sensitive GitLab tasks through a generic skill without sufficient task scoping, confirmation, or least-privilege checks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal