Skills
skills/kehwar/frappe_tweaks/open-observe-api-expert/Snyk

open-observe-api-expert

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's search_logs function explicitly fetches and ingests log/search results from a configured OpenObserve endpoint (e.g., {url}/api/{org}/{stream}/_search, examples use https://api.openobserve.ai and reference https://openobserve.ai/docs/api/), which can contain untrusted/user-generated log content that the agent will read and interpret.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 04:02 AM