grafana-observability
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and executes the Grafana MCP server from the official repository via
uvx mcp-grafana. - [COMMAND_EXECUTION]: Executes shell commands to launch the MCP transport layer and perform observability queries.
- [PROMPT_INJECTION]: Risk of indirect prompt injection exists because the skill ingests untrusted data from external sources including Loki logs, Prometheus metrics, and alert descriptions.
- Ingestion points: Grafana API endpoints for logs, dashboards, and alerts.
- Boundary markers: Not specified in the skill instructions.
- Capability inventory: Includes dashboard modification, alert management, and incident creation tools.
- Sanitization: No explicit sanitization or instruction-escaping logic is defined for the ingested data.
Audit Metadata