logging-best-practices
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- Indirect Prompt Injection (SAFE): The skill documents patterns for logging untrusted data from request bodies and error messages, which technically establishes an ingestion surface for indirect prompt injection if the logs are later processed by an AI agent.
- Ingestion points: Found in
rules/wide-events.md(c.req.json(),error.message) andrules/structure.md(user-agent). - Boundary markers: None present in the provided educational code snippets.
- Capability inventory: The skill is documentation-only and does not possess internal capabilities to execute commands or write files.
- Sanitization: Not included in the snippets, as the focus is on structure rather than security filtering.
- Data Exposure & Exfiltration (SAFE): The skill guidelines suggest logging business-specific metadata and environment variables (e.g.,
process.env.COMMIT_SHA) for observability. This is standard architectural practice and does not constitute a vulnerability or unauthorized data access within the context of the skill. - False Positive Alert (SAFE): The automated URLite scanner flagged 'logger.info' as a malicious URL. Technical verification confirms this is a benign TypeScript/JavaScript method call for the
pinologger and does not represent a network request or a malicious domain.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata