log-analyst
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is vulnerable to path traversal because it resolves and reads files from an arbitrary path provided via the
inputargument without validation or restriction to a specific directory. This could allow an attacker to read sensitive system files (e.g.,/etc/passwd,.envfiles, or SSH keys) if the agent is directed to those paths. - [PROMPT_INJECTION]: The skill processes external log data which is considered untrusted. This creates a surface for indirect prompt injection as the content is returned to the agent's context without sanitization or protective boundary markers.
- Ingestion points: Log file content is read in
src/index.tsvia theinputargument. - Boundary markers: None identified. Content is returned directly as a string.
- Capability inventory: The skill has filesystem read capabilities via
fs.readSyncinsrc/lib.ts. - Sanitization: The skill performs JSON validation if requested, but does not sanitize the text content for malicious instructions or escape special characters before returning data to the agent context.
Audit Metadata