monitoring-observability
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches documentation and resources from well-known services including Prometheus, Grafana, and Google SRE.
- [PROMPT_INJECTION]: The skill incorporates a surface for indirect prompt injection by processing untrusted data from HTTP requests for monitoring and logging purposes.
- Ingestion points: HTTP request properties such as
req.path,req.method,req.ip, anduserAgentare processed in the instrumentation and logging middleware inSKILL.md. - Boundary markers: Not present for the ingested request data.
- Capability inventory: The skill performs logging to the local file system via Winston and exposes metrics on a network endpoint; it does not utilize high-risk capabilities like remote code execution or subprocess spawning.
- Sanitization: The skill uses structured JSON formatting for logs but does not explicitly demonstrate sanitization of the values within the request data.
Audit Metadata