install-firetiger
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface by extracting project metadata (like service names from package.json) and interpolating them into generated code templates without sanitization or boundary markers. \n
- Ingestion points: Reads project files package.json, pyproject.toml, go.mod, and Cargo.toml in SKILL.md Step 2 to derive the service name. \n
- Boundary markers: Absent; the extracted service name is directly inserted into code templates via the {{SERVICE_NAME}} placeholder. \n
- Capability inventory: The skill has the capability to install packages and write/modify instrumentation files across multiple languages as described in SKILL.md Step 4 and Step 5. \n
- Sanitization: No sanitization or validation of the extracted service name is performed before it is used in the template. \n- [EXTERNAL_DOWNLOADS] (SAFE): The skill installs standard, well-known OpenTelemetry packages from official language registries (npm, PyPI, Go, Cargo). These are trusted libraries for observability and monitoring. \n- [CREDENTIALS_UNSAFE] (SAFE): Credentials (Ingest URL and Auth Header) are retrieved via an MCP tool and used to configure telemetry exporters. While this involves writing credentials to local files, it is consistent with the intended setup process and does not involve hardcoded secrets within the skill itself. \n- [DATA_EXFILTRATION] (SAFE): The skill configures the export of telemetry data (traces, metrics, logs) to a user-defined Firetiger ingest endpoint. This is the primary function of the skill and is fully disclosed in the documentation.
Audit Metadata