logging-best-practices
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- PROMPT_INJECTION (SAFE): The instructions focus exclusively on logging patterns and code structure. No attempts to override agent behavior, bypass safety filters, or extract system prompts were found.
- DATA_EXFILTRATION (SAFE): The skill recommends logging environment metadata such as commit hashes, service versions, and AWS regions for debugging purposes. This is industry-standard practice for observability. No patterns involving access to sensitive files (e.g., .ssh, .aws/credentials) or exfiltration to external domains were identified.
- EXTERNAL_DOWNLOADS (SAFE): Referenced links point to reputable sources like the Stripe engineering blog and the author's personal technical blog. The mention of the 'pino' logging library is a common and safe recommendation for Node.js developers.
- REMOTE_CODE_EXECUTION (SAFE): No instances of dynamic code execution (eval, exec), shell piping of remote scripts, or runtime compilation of untrusted code were found.
- NO_CODE (SAFE): The skill primarily consists of markdown documentation and code snippets intended for the agent to use as templates for generating safe, structured logging code.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE