Logging and Monitoring for Agentic Workflows

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references several standard libraries and tools for observability.
      • Utilizes well-known packages such as Winston for logging, AWS SDK for S3 storage, and OpenTelemetry for tracing.
      • References the mxschmitt/action-tmate GitHub Action for interactive debugging, which is a common utility in the GitHub Actions ecosystem.
  • [DATA_EXFILTRATION]: The skill documents patterns for transmitting data to external monitoring and alerting services.
      • Includes code for uploading logs to Amazon S3 buckets for centralized storage.
      • Provides implementation details for sending alerts to Slack webhooks and via SMTP (Nodemailer).
      • Mitigation: The skill proactively addresses data exposure risks by including a sanitizeParams function that redacts sensitive keys like token, password, secret, and api_key before they are logged or transmitted.
  • [COMMAND_EXECUTION]: The skill utilizes scripts and GitHub Actions commands to automate monitoring tasks.
      • Employs actions/github-script to calculate workflow metrics and manage GitHub issues for alerting.
      • Uses the action-tmate utility for debugging purposes, which is configured with limit-access-to-actor: true to ensure only the authorized user can access the session.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 4, 2026, 11:07 PM