observability-logs-search
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted log data from an external environment, creating an attack surface for indirect prompt injection where malicious instructions in logs could influence agent behavior.
  - Ingestion points: Log data is ingested into the agent context through the fork3 (samples), fork4 (common patterns), and fork5 (rare patterns) branches of the ES|QL queries defined in SKILL.md.
  - Boundary markers: Absent. The skill does not instruct the agent to use delimiters or specific ignore-instructions when handling the retrieved log messages.
  - Capability inventory: The agent has the capability to perform further network-based tool calls (Elasticsearch queries) and summarize findings based on the content of these logs.
  - Sanitization: Absent. Log messages and patterns are processed as raw text strings without validation or escaping of potential instructions.