claude-code-telemetry-enable

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill shows and instructs including authentication tokens/headers directly (e.g., --token, --headers "Authorization=...", OTEL_EXPORTER_OTLP_HEADERS) and creating .env files with those values, which would require the LLM to handle or emit secret values verbatim, posing an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill explicitly enables FULL LOGGING of user prompts, API tokens/usage, account identifiers, and session metadata and provides configuration to send that data to external OTLP endpoints (local or cloud), creating a high risk of data exfiltration and credential leakage.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's verify/troubleshooting steps explicitly fetch and display telemetry logs and dashboards from external observability backends (e.g., the Loki query example curl to http://localhost:3100/loki/api/v1/query and "View in Grafana" dashboards), which causes the agent to ingest and read untrusted/user-generated log content (including full user prompts) from third-party endpoints.