openlogs-server-logs
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the
openlogsandolCLI tools. Specifically, it encourages runningtailcommands and starting development servers through subcommands likebun devandnpm run dev(found inSKILL.md). - [COMMAND_EXECUTION]: There is a potential risk of command injection if the agent interpolates user-supplied queries directly into the shell command
openlogs tail <query>. If the agent does not properly escape the query parameter, it could lead to arbitrary command execution. - [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it reads and analyzes raw server logs which may contain data from untrusted external sources (e.g., malicious strings in HTTP headers or request bodies logged by a web server).
- Ingestion points: Server logs accessed via
openlogs tailcommand output and the.openlogs/latest.txtfile (referenced inSKILL.md). - Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions within the log data.
- Capability inventory: The agent can execute shell commands (
openlogs tail,ol tail,openlogs bun dev) and read local files. - Sanitization: Absent; the instructions do not specify any filtering or escaping of log content before interpretation.
- [DATA_EXPOSURE]: The skill accesses sensitive local file paths (e.g.,
.openlogs/latest.txt). Server logs often contain sensitive technical data, including stack traces, environment variables, or session information, which the agent is directed to summarize and quote.
Audit Metadata