otel-instrumentation
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download official OpenTelemetry components, such as the .NET auto-instrumentation script and the Java agent, from the official OpenTelemetry GitHub organization. These are well-known and verified sources in the observability domain.
- [COMMAND_EXECUTION]: The documentation includes standard shell commands for package management (npm, pip, composer, bundle) and for running applications with OpenTelemetry instrumentation enabled. These are intended as educational implementation steps for the user.
- [DATA_EXFILTRATION]: The skill guides users on how to configure OTLP endpoints and authentication tokens. It provides proactive security advice, warning about the risks of exposing authentication tokens in client-side (browser) code and providing remediation through limited-scope tokens.
- [CREDENTIALS_UNSAFE]: Analysis found no hardcoded credentials. The skill uses descriptive placeholders like
YOUR_AUTH_TOKENand provides best-practice guidance for managing secrets via environment variables and Kubernetes secrets.
Audit Metadata