splunk-platform
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill strongly emphasizes security best practices for Splunk integration, specifically advising against hardcoding credentials and recommending environment variables for authentication across Python and JavaScript SDKs.
- [SAFE]: Includes a dedicated reference for Model Context Protocol (MCP) integration that focuses on AI safety, recommending read-only-by-default tools, SPL validation allowlists, and output sanitization to prevent unintended data exposure or side effects.
- [SAFE]: Categorizes Splunk Search Processing Language (SPL) commands into safe, read-only defaults for discovery and audit, while explicitly flagging side-effecting commands (e.g., `delete`, `outputlookup`) for careful escalation and gating.
- [SAFE]: Directs users toward official and well-known industry tooling, such as the Splunk Python SDK (`splunklib`), the UCC Framework for add-on development, and official Ansible roles for platform administration.
- [SAFE]: Provides guidance for reproducible app packaging and validation (AppInspect), ensuring that developed artifacts meet platform security and hygiene standards before distribution.
Audit Metadata