elasticsearch-esql
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions for setting up a local Elasticsearch environment using a shell script downloaded from the author's official domain (elastic.co). As this resource is provided by the legitimate vendor for setup purposes, it is documented neutrally.
- [COMMAND_EXECUTION]: The skill's primary functionality is implemented through a Node.js script (scripts/esql.js) that is executed locally to perform queries against an Elasticsearch cluster via its REST API.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and formats data from Elasticsearch indices. If the queried indices contain data from untrusted users (such as log messages or document content), it could introduce malicious instructions into the agent's context.
- Ingestion points: scripts/esql.js retrieves results via client.esql.query.
- Boundary markers: The script does not use specific delimiters to isolate query results from instructions.
- Capability inventory: The skill has the ability to perform network requests to the configured Elasticsearch URL.
- Sanitization: Output is formatted as a text table or tab-separated values (TSV) without content filtering.
Recommendations
- HIGH: Downloads and executes remote code from: https://elastic.co/start-local - DO NOT USE without thorough review
Audit Metadata