ml-anomalies
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill acts as an observability analyst processing data from external sources such as K8s metrics, APM latency, and log rates through Elastic ML indexes. This creates a surface for indirect prompt injection where malicious content embedded in logs or metrics could influence agent behavior.
- Ingestion points: The tool queries data from `.ml-anomalies-*` indexes, which aggregate potentially untrusted data from various signal domains (SKILL.md).
- Boundary markers: The skill does not define explicit delimiters or instructions to ignore commands within the retrieved anomaly records.
- Capability inventory: The agent has access to tools for querying anomalies (`ml-anomalies`), observing signals (`observe`), and assessing infrastructure impact (`k8s-blast-radius`, `apm-service-dependencies`).
- Sanitization: There is no mention of sanitization or validation performed on the fields retrieved from the ML records before they are processed by the agent.
Audit Metadata