Grafana Dashboard Sync Agent
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The provided file contains only descriptive documentation and installation commands. No executable scripts, logic, or code are present in the skill definition for security auditing.
- [PROMPT_INJECTION]: The skill metadata contains a "verification: security_reviewed" claim. This is an unverifiable self-claim that may deceptively influence the agent's or user's assessment of the skill's safety.
- [PROMPT_INJECTION]: The skill is designed to synchronize dashboards from external instances, creating an indirect prompt injection surface.
  - Ingestion points: Dashboard JSON configurations, panel metadata, and variable definitions fetched from external Grafana HTTP APIs.
  - Boundary markers: Absent; there are no instructions provided to ensure the agent ignores or sanitizes embedded instructions within the dashboard data.
  - Capability inventory: The skill possesses capabilities for folder management, dashboard provisioning, and remapping datasource configurations.
  - Sanitization: Absent; the documentation does not describe any methods for validating or escaping external content before interpolation into the agent's context.
Audit Metadata