observability-stack-setup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): SKILL.md triggers execution of local scripts (scripts/setup-stack.sh, scripts/verify-health.sh) which use docker compose to manage system services.
- [PRIVILEGE_ESCALATION] (HIGH): SKILL.md troubleshooting guidance includes sudo lsof and sudo kill, encouraging unsafe root-level command patterns.
- [DATA_EXPOSURE] (MEDIUM): SKILL.md explicitly configures the stack to capture and store sensitive information including full user prompts and file paths without redaction.
- [INDIRECT_PROMPT_INJECTION] (HIGH): SKILL.md ingestion point: the references/ directory contains config and dashboard files. Boundary markers: absent. Capability inventory: subprocess calls via docker compose and curl. Sanitization: absent. Malicious configs could lead to unauthorized command execution.
Recommendations
- AI detected serious security threats