Skills
skills/cosmix/claude-loom/grafana/Gen Agent Trust Hub

grafana

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Vulnerability surface for indirect prompt injection. The skill provides instructions for ingesting and processing external data (Loki logs, Tempo traces) that are attacker-controllable. Combined with high-privilege tool access (Bash, Write), this creates an exploitation path if the agent or user blindly trusts content from logs/traces. 1. Ingestion points: Loki log streams and Tempo trace metadata. 2. Boundary markers: Not present; no instructions provided to ignore or sanitize embedded commands within the data. 3. Capability inventory: Bash, Write, Edit, Grep, Glob, Read. 4. Sanitization: Not present.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 06:39 AM