customerio-observability

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data and has access to high-privilege tools, creating a potential surface for indirect prompt injection.
    • Ingestion points: The userId, attributes, and data parameters in lib/customerio-instrumented.ts and lib/logger.ts process external input.
    • Boundary markers: No explicit delimiters or instructions are used to prevent the agent from obeying commands embedded in user-supplied data.
    • Capability inventory: The skill allows access to Bash(kubectl:) and Bash(curl:) as defined in SKILL.md.
    • Sanitization: The skill includes a sanitizeForLogging function in lib/logger.ts to redact sensitive fields like email, phone, and SSN from logs.
  • [COMMAND_EXECUTION]: The skill requests broad and high-privilege permissions for kubectl and curl that are not required for the observability logic provided in the instructions.
    • Evidence: The YAML frontmatter in SKILL.md specifies allowed-tools: Bash(kubectl:) and Bash(curl:).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 01:35 AM