axiom-sre
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a wide range of system commands and CLI tools, such as
curl,jq,git,kubectl,gh, andaws, to facilitate incident investigation and system management. - [DATA_EXFILTRATION]: Includes scripts designed to push local investigation data and knowledge base entries to remote Git repositories and Slack channels. This capability is used for synchronizing the SRE 'memory system' across a team.
- [CREDENTIALS_UNSAFE]: Orchestrates the use of sensitive API tokens and credentials for Axiom, Grafana, and Slack. These are stored in
~/.config/axiom-sre/config.toml. The skill uses specific wrappers (scripts/curl-auth) to handle these secrets without exposing them in command-line arguments. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it reads and displays data from external sources like logs and chat history.
- Ingestion points: Telemetry and communication data enter the agent context via
axiom-query,grafana-query,sentry-api, andslack conversations.history. - Boundary markers: No explicit delimiters or instructions are used to separate untrusted data from system instructions.
- Capability inventory: The agent can execute a variety of powerful tools, including shell commands, network requests, and version control operations.
- Sanitization: External content is parsed as JSON or formatted for display without specific filtering for malicious instructions.
- Ingestion points: Telemetry and communication data enter the agent context via
Audit Metadata