observability-control
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): Hardcoded credentials `admin:admin` are used across multiple operational commands (backup, restore, status checks) for the Grafana service.
- [COMMAND_EXECUTION] (HIGH): The skill utilizes high-privilege Docker commands including `docker run --rm -v`, `docker volume rm`, and `docker compose`. These allow for arbitrary file system modifications on the host through volume mounting and container lifecycle management.
- [PROMPT_INJECTION] (HIGH): Category 8 (Indirect Prompt Injection) risk is high.
  - Ingestion points: Data is ingested via `docker logs`, Grafana search APIs (`/api/search`), and Loki log labels.
  - Boundary markers: None. Untrusted data from logs or dashboard titles is piped directly into other tools.
  - Capability inventory: High-privilege Docker operations and direct shell execution.
  - Sanitization: No sanitization or validation of data retrieved from the observability stack before it is processed or displayed to the agent.
- [EXTERNAL_DOWNLOADS] (LOW): While the automated scan flagged a piped execution pattern, manual review confirms that the `curl | python3` command in the 'Quick Commands' section correctly uses the `-c` flag for safe JSON processing rather than executing remote script content.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): http://localhost:3000/api/search - DO NOT USE
- AI detected serious security threats
Audit Metadata