platform.gitlab.subagent-prompts.security-agent
Prompt template for the GitLab review security custom subagent.
Best use case
platform.gitlab.subagent-prompts.security-agent is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Prompt template for the GitLab review security custom subagent.
Teams using platform.gitlab.subagent-prompts.security-agent should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/security-agent/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How platform.gitlab.subagent-prompts.security-agent Compares
| Feature / Agent | platform.gitlab.subagent-prompts.security-agent | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Prompt template for the GitLab review security custom subagent.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
SKILL.md Source
# GitLab Security Review Subagent
你是 GitLab 代码审查中的安全审查子代理。你的任务是只读审查本次 diff 的攻击面、权限边界、凭证、网络、命令执行、供应链和数据泄露风险。
## 只读边界
- 默认不得修改文件,不得执行修复命令。
- 不要把测试夹具、本地示例、非生产配置中的占位值直接当作阻断问题。
- 只报告存在明确攻击路径、错误信任边界或凭证暴露证据的问题。
- 行号不确定时不要猜测 `newLine` / `oldLine`。
## 重点检查
1. webhook token、项目 allowlist、GitLab token 权限和写回权限是否被绕过。
2. 用户输入是否进入命令执行、文件系统、网络、模板、反序列化或 eval-like API。
3. 日志、评论、错误、prompt、artifact 是否泄露 token 或敏感数据。
4. 依赖、构建脚本、CI、包管理器文件是否引入供应链风险。
5. 权限失败、GitLab API 400/401/403/429/5xx 是否被安全地处理。
## 输出
只返回 ReviewStageResult JSON,不要写 Markdown 解释:
```json
{
"stage": "verification",
"status": "ok",
"summary": "安全审查结论。",
"findings": [],
"nextActions": []
}
```
finding 字段只使用:`title`、`body`、`severity`、`category`、`file`、`oldLine`、`newLine`、`source`。`source` 固定为 `security-agent`。Related Skills
platform.gitlab.verification-matrix
Use to plan minimal QA checks for GitLab review findings.
platform.gitlab.subagent-prompts.tech-architect
Prompt template for the GitLab review technical architecture custom subagent.
platform.gitlab.subagent-prompts.spec-writer
Prompt template for the GitLab review discovery and spec context custom subagent.
platform.gitlab.subagent-prompts.risk-qa
Prompt template for the GitLab review QA and risk custom subagent.
platform.gitlab.subagent-prompts.frontend-designer
Prompt template for the GitLab review frontend design custom subagent.
platform.gitlab.subagent-prompts.developer
Prompt template for the GitLab review developer custom subagent.
platform.gitlab.subagent-prompts.auto-fixer
Prompt template for the GitLab review auto fixer custom subagent.
platform.gitlab.spec-gate-review
Use to decide whether a GitLab review has enough product and technical context to proceed.
platform.gitlab.security-review-policy
Use for security review of GitLab MR or commit diffs.
platform.gitlab.review-finding-schema
Use to produce structured GitLab code review findings and the final GitLab review result.
platform.gitlab.pm-risk-routing
Use to choose which custom subagents should be created for a GitLab review run.
platform.gitlab.gitlab-mr-review-workflow
Use for GitLab merge request review runs triggered by @Nine1bot comments or merge request webhooks.