kibana-vega
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation and CLI error messages recommend downloading a setup script from the official domain at
https://elastic.co/start-localto configure a local development environment. - [REMOTE_CODE_EXECUTION]: Instructions are provided to pipe a remote setup script to the shell. This is a standard and documented procedure for installing the official Elastic local stack.
- [COMMAND_EXECUTION]: Includes a Node.js CLI script (
scripts/kibana-vega.js) designed to perform administrative operations on Kibana saved objects via API requests. - [CREDENTIALS_UNSAFE]: Authentication is managed through user-provided environment variables such as
KIBANA_API_KEY. No hardcoded secrets are present in the skill; only placeholders are used for instruction.
Audit Metadata