Skills
skills/grafana/gcx/import-dashboards/Gen Agent Trust Hub

import-dashboards

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the gcx command-line tool to perform dashboard imports, configuration checks, and resource updates. This is intended behavior for interacting with Grafana instances.\n- [EXTERNAL_DOWNLOADS]: The skill references the grafana-foundation-sdk Go library hosted on Grafana's official GitHub repository to provide the necessary builder patterns for generated code.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from live Grafana dashboards.\n
  • Ingestion points: Data is fetched via the gcx dev import command from the Grafana K8s API endpoints (SKILL.md).\n
  • Boundary markers: No specific delimiters or instructions to ignore embedded content are provided for the processed dashboard data.\n
  • Capability inventory: The skill utilizes gcx for network-based resource retrieval and local file system writes (SKILL.md).\n
  • Sanitization: No explicit sanitization or validation of the ingested JSON structure is described before conversion to Go code.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 12:35 PM