Skills
skills/elastic/agent-skills/kibana-vega/Gen Agent Trust Hub

kibana-vega

Fail

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Fetches and executes a setup script from the vendor's official domain (elastic.co/start-local) to spin up local instances of Elasticsearch and Kibana via the shell. This is a vendor-provided installation method.
  • [COMMAND_EXECUTION]: Provides a CLI tool (scripts/kibana-vega.js) that performs CRUD operations on Kibana saved objects using the Node.js fetch API and processes local or piped configuration files.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted visualization specs and ES|QL queries.
  • Ingestion points: readStdin() and readFileSync() in scripts/kibana-vega.js read user-provided JSON/HJSON content.
  • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the processed specs.
  • Capability inventory: The skill has the capability to perform network requests to the Kibana API to create, update, or delete visualizations and dashboards.
  • Sanitization: Relies on standard JSON.parse() and hjson.parse(), which do not filter for malicious instructions within the data fields.
  • [CREDENTIALS_UNSAFE]: References the configuration of sensitive credentials (API keys, passwords) via environment variables for Kibana authentication. It includes an option to disable TLS certificate verification (KIBANA_INSECURE="true") for development, which is a security risk in production environments.
Recommendations
  • HIGH: Downloads and executes remote code from: https://elastic.co/start-local - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 13, 2026, 04:50 PM