security-generate-security-sample-data
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill requires Elasticsearch and Kibana credentials (API keys or username/password) provided via environment variables.\n
- Evidence:
ELASTICSEARCH_API_KEY,ELASTICSEARCH_PASSWORD,KIBANA_API_KEYare used ines-client.jsandkibana-client.jsto authenticate against Elastic services. This is a standard and secure practice for tools of this nature and does not involve hardcoding or exfiltrating secrets.\n- [COMMAND_EXECUTION]: The scriptdemo-walkthrough.jsuseschild_process.execto automatically open the default web browser.\n - Evidence: The
openBrowser(url)function invokes shell commands likeopen,start, orxdg-openusing a URL derived from the user-providedKIBANA_URLenvironment variable. While this uses a shell command, the intent is limited to opening a browser session for the user.\n- [SAFE]: The skill supports an insecure mode via environment variables to disable SSL certificate validation.\n - Evidence:
ELASTICSEARCH_INSECUREandKIBANA_INSECUREenvironment variables togglerejectUnauthorized: falseandNODE_TLS_REJECT_UNAUTHORIZED = '0'respectively. This is a common requirement for development and laboratory environments using self-signed certificates.\n- [SAFE]: All external communications are directed to user-configured Elasticsearch and Kibana endpoints.\n - Evidence: The skill uses the official
@elastic/elasticsearchclient library, which is a trusted dependency from the same vendor and the author of the skill.
Audit Metadata