Skills
skills/dykyi-roman/awesome-claude-code/discover-project-logs/Gen Agent Trust Hub

discover-project-logs

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill operates as a read-only tool for identifying log file paths using standard file system and container utilities.
  • [COMMAND_EXECUTION]: The skill utilizes standard CLI commands such as docker logs and docker compose logs to retrieve information from containerized environments. These are common administrative operations used appropriately for log discovery.
  • [DATA_EXFILTRATION]: The skill involves reading .env and framework configuration files (e.g., logging.php, monolog.yaml). While these files can contain sensitive information, the instructions specifically target log-related configuration keys like LOG_CHANNEL and LOG_PATH. No evidence of data exfiltration or hardcoded credentials was found.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present as the skill processes untrusted project files and log content.
  • Ingestion points: Project configuration files (e.g., composer.json, .env, logging.php, monolog.yaml) and discovered log files.
  • Boundary markers: No specific boundary markers or delimiters are defined to isolate or sanitize untrusted content during processing.
  • Capability inventory: The skill utilizes Glob, Grep, Read, and Bash tools to perform its discovery logic.
  • Sanitization: The instructions do not specify any validation or sanitization of the ingested file content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 09:59 AM