logging
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of markdown documentation and TypeScript code snippets intended as implementation examples for developers. It does not contain any executable scripts, tool definitions, or shell commands.
- [SAFE]: No security threats were identified. The guidelines promote structured logging and observability conventions which are standard development practices.
- [PROMPT_INJECTION]: Indirect Prompt Injection analysis (Category 8):
- Ingestion points: The guidelines suggest logging request-related data such as
path,errorMessage, anduserId, which may contain untrusted user-provided content. - Boundary markers: The documentation does not provide specific instructions for using delimiters or boundary markers when logging these fields.
- Capability inventory: The skill itself has no execution capabilities (subprocess, network, file-write).
- Sanitization: No sanitization or escaping protocols are mentioned for the data being logged.
Audit Metadata