observability-instrument-with-otel
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python scripts (add_tracing.py, analyze_traces.py, validate_instrumentation.py) designed to be executed via the Bash tool to modify or analyze local source code. This is the primary function of the skill and no suspicious commands were found.
- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection because its code modification scripts process local source code.
  - Ingestion points: The add_tracing.py script reads and parses local Python source files provided as command-line arguments.
  - Boundary markers: No specific delimiters or instructions to ignore embedded content are used during file processing.
  - Capability inventory: The script uses the ast module to parse and transform code and the open() function to write modified content back to the filesystem.
  - Sanitization: Function and method names are extracted and used to construct log message strings; while these are stored as string constants in the resulting AST, they are not sanitized against potentially malicious method names in the source files.