log-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted external data in the form of system and application logs.
- Ingestion points: Reads log files from
/var/log/,./logs/, andunity-mcp: read_consoleoutput. - Boundary markers: The instructions do not define specific delimiters (e.g., XML tags or triple backticks) to separate log content from the agent's instructions, which may lead the agent to inadvertently follow commands embedded within logs.
- Capability inventory: The skill uses tools like
Read,Grep, andGlob, and integrates withbmad-gds-create-story, which represents a downstream write capability. - Sanitization: While the skill mandates masking passwords and tokens, it does not include instructions to ignore or escape prompt-like strings found within the logs.
- [SAFE]: The skill includes strong security constraints, specifically prohibiting the modification of log files and the external exposure of sensitive information. It also explicitly instructs the agent to mask credentials discovered during analysis.
- [SAFE]: All external references, such as the GNU Grep manual, GAWK guide, and Loggly documentation, point to well-known and trusted educational resources.
Audit Metadata