observability
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill implements standard observability patterns without malicious intent or risky operations.
- [EXTERNAL_DOWNLOADS]: The skill utilizes several well-known industry-standard libraries for observability and error tracking, including Pino, OpenTelemetry, and Sentry. These dependencies are fetched from public registries.
- [DATA_EXFILTRATION]: The code includes a redaction configuration for the Pino logger to prevent sensitive information like passwords and tokens from being stored in logs. Telemetry data is sent to user-configured endpoints (OpenTelemetry, Sentry) via environment variables.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from HTTP requests (headers, paths, user objects) and error messages for logging and tracing.
  1. Ingestion points: req.headers, req.path, req.user, error.message in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Metrics collection and telemetry transmission to configured sinks; no subprocesses or file system writes.
  4. Sanitization: Explicit redaction of credentials and tokens is implemented in the logger configuration.