apollo-observability

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill contains no malicious code, obfuscation, or unauthorized data access patterns.
  • [DATA_EXFILTRATION]: The logging implementation specifically includes a redaction configuration for the pino logger, preventing the accidental logging of sensitive data such as api_key, email, phone, and Authorization headers.
  • [COMMAND_EXECUTION]: While the skill frontmatter requests permissions for kubectl and curl, no bash commands or subprocess executions are present in the provided source files.
  • [PROMPT_INJECTION]: The skill processes data from external API responses, creating a potential surface for indirect prompt injection, although the risk is minimal given its primary use in metrics and logging.
      • Ingestion points: src/lib/apollo/instrumented-client.ts (response headers and error objects), src/routes/health/apollo.ts (health check response).
      • Boundary markers: Absent.
      • Capability inventory: kubectl, curl, Read, Write, Edit (from frontmatter).
      • Sanitization: None; raw error messages and header values are passed directly to logging, tracing, and health check endpoints.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 12:12 AM