otel-instrumentation
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill handles external data, creating a surface for indirect prompt injection. * Ingestion points: User-supplied code in SKILL.md and documentation content fetched via WebFetch from opentelemetry.io. * Boundary markers: None; the instructions do not use specific markers to delineate untrusted content. * Capability inventory: The skill is restricted to WebFetch and WebSearch tools as defined in the YAML frontmatter. * Sanitization: There is no explicit sanitization of the content fetched from external sources or provided by the user.
- [DATA_EXFILTRATION]: Performs network operations using WebFetch to retrieve documentation from opentelemetry.io. This is a well-known service, and the operations are necessary for the skill's primary research functionality.
- [COMMAND_EXECUTION]: Contains scripts for local installation and uninstallation (scripts/install.js and scripts/uninstall.js) that manage local files. These scripts are used for deployment and perform standard, safe operations.
Audit Metadata