metrics-collector
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified in the skill content.
- [DATA_EXFILTRATION]: The skill interacts with Supabase, a well-known service, for metrics storage. No hardcoded credentials or access to sensitive files were detected.
- [PROMPT_INJECTION]: The skill defines an ingestion surface for untrusted data via metric labels (e.g., request routes, methods). (1) Ingestion points: 'labels' parameter in the MetricsRegistry class methods within SKILL.md. (2) Boundary markers: None explicitly defined for label values. (3) Capability inventory: Database read/write operations via the Supabase client; no shell command execution or direct file system access is provided. (4) Sanitization: The implementation uses the Supabase client library, which handles parameterization for database operations.
Audit Metadata