grafana-dashboard
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- Data Exposure & Exfiltration (LOW): The 'grafana-api-client.js' script uses the 'axios' library to perform network requests to a user-defined 'baseUrl'. This constitutes a network operation to a non-whitelisted domain, though it is the primary intended function of the client.
- Indirect Prompt Injection (LOW): The skill creates a surface for indirect prompt injection as it facilitates the creation of dashboards and alerts based on input data.
  - Ingestion points: The 'createDashboard' and 'createAlert' methods in 'grafana-api-client.js' ingest JSON-formatted data.
  - Boundary markers: No boundary markers or 'ignore' instructions are provided in the templates to mitigate malicious instructions embedded in dashboard JSON.
  - Capability inventory: The skill allows writing and overwriting dashboards and alerts via the Grafana API.
  - Sanitization: No input sanitization or validation is performed on the dashboard/alert objects before they are sent to the API.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references 'axios', a well-known and trusted Node.js package. No suspicious download or execution patterns were detected.