project-observability-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (tags: PROMPT_INJECTION, NO_CODE)
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill implements a workflow that ingests untrusted data from a user's project directory, creating a vulnerability surface for indirect prompt injection.
  - Ingestion points: The workflow (Steps 1-5) specifically scans files, dependencies, frameworks, and API endpoints within the project being analyzed.
  - Boundary markers: The skill lacks explicit instructions or delimiters to help the agent distinguish between project data and instructions embedded within that data.
  - Capability inventory: The skill possesses significant capabilities, including generating new source code (otel-instrumentation.js) and modifying configuration files (docker-compose.yml).
  - Sanitization: There is no evidence of sanitization or validation of the content extracted from the scanned files before it is interpolated into recommendations or generated files.
- [No Code] (SAFE): The skill consists only of instructional markdown and does not include any executable scripts, binary files, or external dependency manifests, reducing the risk of direct malicious code execution.
Audit Metadata