implementing-observability

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The docker-compose configuration in 'examples/lgtm-docker-compose/README.md' uses a hardcoded default password ('admin') for the Grafana administrative account.
  • CREDENTIALS_UNSAFE (HIGH): The Grafana service is configured to allow anonymous users to log in with full 'Admin' privileges ('GF_AUTH_ANONYMOUS_ORG_ROLE=Admin'), posing a critical risk of unauthorized access and privilege escalation.
  • EXTERNAL_DOWNLOADS (LOW): The 'scripts/validate_metrics.py' script uses the 'requests' library to fetch data from user-supplied endpoints without input validation, creating a potential SSRF (Server-Side Request Forgery) vulnerability surface.
  • DATA_EXFILTRATION (LOW): Application telemetry in 'examples/fastapi-otel/main.py' is configured to be sent over insecure (unencrypted) channels ('insecure=True'), which could lead to sensitive trace data or metadata being exposed on the network.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:12 PM