ebpf-observability

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses sudo for administrative tasks such as installing packages, configuring kernel parameters via sysctl, mounting the BPF filesystem, and executing kernel tracing tools like bpftrace and bpftool. These operations are standard requirements for eBPF development and observability tasks.
  • [EXTERNAL_DOWNLOADS]: Fetches binaries and configuration files from trusted sources, including official GitHub repositories for Cilium, Tetragon, and Aqua Security. It also references official Helm registries for Grafana, Parca, and Cloudflare to deploy observability infrastructure.
  • [DATA_EXFILTRATION]: Provides examples of monitoring access to sensitive system paths (e.g., /etc/shadow, /etc/kubernetes/pki, and SSH directories) as part of Tetragon security observability policies. It also includes a documentation placeholder command for streaming aggregated security logs to a private SIEM endpoint.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 27, 2026, 02:05 PM