opentelemetry
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to run Docker containers with the `--privileged` flag and sensitive host path mounts (e.g., `/sys/kernel/security`). This is required for eBPF-based instrumentation with tools like Grafana Beyla, but it grants the container significant control over the host kernel.
- [EXTERNAL_DOWNLOADS]: Fetches configuration files and official binaries from well-known sources, including the OpenTelemetry project's GitHub releases for the collector and Grafana's official repositories for the Java instrumentation agent.
- [REMOTE_CODE_EXECUTION]: Instructs on downloading a JAR file and executing it as a JVM agent (`-javaagent`), and provides a workflow to download, extract, and run the `otelcol-contrib` binary from GitHub releases.
- [CREDENTIALS_UNSAFE]: Includes examples of generating authentication headers by base64-encoding Grafana Cloud API tokens in the terminal. While following standard OTLP requirements, these examples involve handling sensitive credentials in shell commands which can be recorded in history.
Audit Metadata