aiops
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The AutomationEngine class in aiops/automation/engine.py executes system commands using asyncio.create_subprocess_exec. Specifically, it runs kubectl commands to scale, restart, patch, and isolate Kubernetes resources. While these are intended for self-healing, they represent a significant capability for infrastructure modification that should be audited against the agent's permissions.
- [EXTERNAL_DOWNLOADS]: The DatadogDataSource and other integration classes in aiops/integrations/monitoring.py use aiohttp to make network requests to external APIs including Datadog, Prometheus, Loki, and Jaeger. This is consistent with the skill's purpose but involves outbound network activity.
- [PROMPT_INJECTION]: The AILogAnalyzer class in aiops/ml/anomaly_detection.py ingests and processes raw log data from external sources. This presents an indirect prompt injection surface where malicious instructions embedded in log messages could influence the agent's downstream behavior or reporting.
- [CREDENTIALS_UNSAFE]: The DatadogDataSource class expects an api_key and app_key. While no secrets are hardcoded in the provided text, the design relies on the handling of sensitive credentials for third-party monitoring services.
Audit Metadata