otel-collector
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references several external resources for installation and deployment, including official Helm charts and GitHub releases. These resources originate from the skill's author (Dash0) or the official OpenTelemetry project (open-telemetry), which are trusted sources.
- Fetches the OpenTelemetry Collector Helm chart from the official OpenTelemetry GitHub organization.
- References the Dash0 Kubernetes Operator from the author's official GitHub repository.
- Directs users to download the cert-manager and OpenTelemetry Operator manifests from their respective official GitHub releases.
- [CREDENTIALS_UNSAFE]: The skill demonstrates excellent security posture regarding credentials. It uses placeholders like
<AUTH_TOKEN>and<OTLP_ENDPOINT>in examples and explicitly instructs users to avoid hardcoding secrets, recommending the use of environment variables and Kubernetes Secrets instead. - [COMMAND_EXECUTION]: Provides standard shell commands for Kubernetes management (kubectl), package management (helm), and development (go install). These commands are consistent with the skill's primary purpose of infrastructure configuration and are intended for user execution.
- [INDIRECT_PROMPT_INJECTION]: As an advisory skill, it processes user queries about telemetry pipelines. It does not possess any autonomous capabilities to execute generated configurations on the agent's system, and its instructions are focused on providing standard, safe configuration patterns.
Audit Metadata