Skills
skills/grafana/skills/testing/Gen Agent Trust Hub

testing

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Employs curl and k6 commands to interact with Grafana Cloud services for managing synthetic probes and running load tests. These are standard operational procedures for the services described.
  • [EXTERNAL_DOWNLOADS]: References official and trusted dependencies, including Node.js SDKs (@grafana/faro-web-sdk, @grafana/faro-web-tracing) and GitHub Actions (grafana/k6-action), all originating from the vendor's official repositories.
  • [DATA_EXFILTRATION]: Transmits monitoring configuration, performance metrics, and application telemetry to legitimate Grafana Cloud collector endpoints (grafana.net, k6.io).
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external targets during testing (e.g., HTTP response bodies, console logs, and error messages), creating a potential surface for indirect prompt injection.
  • Ingestion points: Synthetic Monitoring HTTP check responses, k6 script response bodies, and Faro frontend console/error capture.
  • Boundary markers: None provided.
  • Capability inventory: Execution of curl and k6 CLI tools via shell subprocesses.
  • Sanitization: No explicit sanitization or filtering of ingested external content is documented in the examples.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 02:47 AM