observability-pattern-detector
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill processes untrusted external content derived from telemetry logs.
- Ingestion points:
SKILL.mddefines operations that query{job="claude_code_enhanced", event_type="user_prompt"}, meaning user-controlled strings are ingested into the agent's context. - Boundary markers: Absent. There are no delimiters or system-level instructions provided to the agent to treat the telemetry data as potentially adversarial.
- Capability inventory: The skill references shell scripts (
scripts/detect-failures.sh, etc.) and produces reports intended to influence agent behavior (e.g., 'recommendations' in the example output). - Sanitization: None. The LogQL queries pipe raw telemetry data into JSON objects for analysis.
- Unverifiable Components (MEDIUM): The skill documentation lists five shell scripts in the
scripts/directory that are necessary for operation but were not provided for analysis. This prevents verification of how the telemetry data is handled at the OS level.
Audit Metadata