creating-apm-dashboards
Warn
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The Python scripts in the scripts/ directory contain functionality in the generate_script method to create shell scripts and set executable permissions via chmod 0o755. This pattern allows an AI agent to generate and subsequently execute arbitrary code.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. (1) Ingestion points: user requests for dashboard creation as defined in SKILL.md. (2) Boundary markers: absent. (3) Capability inventory: access to Bash(cmd:*), Write, and Edit tools, combined with the script generation capabilities in the provided Python scripts. (4) Sanitization: none; user-provided content is directly interpolated into shell script templates without validation or escaping.
- [PROMPT_INJECTION]: The skill contains misleading metadata; while the documentation and script headers claim to automate dashboard creation using Grafana and Datadog APIs, the implementation is limited to local file generation (Markdown, JSON, and Shell scripts).