observability-logs-search
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill contains no executable code or scripts, only markdown instructions and configuration templates for interacting with an established API.
- [DATA_EXFILTRATION]: The skill describes how to query log data from 'logs-*' indices. This behavior is the primary intended function of the skill and is handled via standard authenticated API calls to the vendor's platform.
- [PROMPT_INJECTION]: While the skill ingests external data (logs), which is a common surface for indirect prompt injection, it includes mitigation strategies such as context minimization through field filtering ('KEEP' clause) and summarizing only final results.
  - Ingestion points: Log messages and metadata from 'logs-*' indices.
  - Boundary markers: None explicitly defined for log record separators, but the 'funnel' logic isolates relevant data.
  - Capability inventory: Restricted to 'POST /_query' API calls; no system-level execution or file system access is indicated.
  - Sanitization: Recommends using 'KEEP' to limit field exposure and summarizes narrowed results to reduce context pollution.