Gitlab Workflow

Security checks across malware telemetry and agentic risk

Overview

This GitLab workflow skill is coherent, but it can approve, merge, retry, and update GitLab resources through a linked account without clearly requiring fresh user confirmation or project limits.

Install only if you trust MorphixAI and want an agent to operate GitLab on your behalf. Use a least-privilege GitLab connection, limit it to intended projects, and require explicit confirmation before approving, merging, retrying pipelines, creating issues or MRs, updating reviewers, or running local git commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium (95% confidence)
Finding
The skill materially expands its operational scope from GitLab API usage to host-level filesystem discovery and shell execution (`find`, `cd`, `git fetch`, `git diff`). That creates a path for the agent to access local repositories and execute commands on the host, which increases the attack surface beyond the declared remote GitLab workflow and can expose sensitive code or local environment context.

VirusTotal

65/65 vendors flagged this skill as clean.
