loki
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads Loki and Promtail binaries from Grafana's official GitHub repository (github.com/grafana/loki). Grafana is a well-known service, and these downloads are standard for the tool's installation.
- [COMMAND_EXECUTION]: Utilizes
sudofor system-level tasks including creating dedicated users, managing file permissions, and installing systemd service units. These actions are necessary and standard for the described purpose of setting up a logging infrastructure. - [REMOTE_CODE_EXECUTION]: An automated analysis flagged a command piping network output to Python. Manual review confirms the command
curl -s http://localhost:9080/targets | python3 -m json.tooltargets a local service endpoint and uses the standard Python JSON formatting module. This is a common and safe administrative practice for inspecting JSON data. - [DATA_EXFILTRATION]: Instructions involve reading local log files and service configurations. No evidence of unauthorized network transmission or exfiltration of sensitive credentials or system data was detected.
Audit Metadata