azure-monitor-opentelemetry-ts
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): Sensitive connection strings are managed through environment variables (process.env.APPLICATIONINSIGHTS_CONNECTION_STRING). The skill's acceptance criteria specifically flag hardcoded secrets as an anti-pattern.
- [Unverifiable Dependencies] (SAFE): The skill utilizes official packages from the @azure and @opentelemetry organizations, which are trusted sources. All installation instructions point to standard package managers.
- [Indirect Prompt Injection] (LOW): The skill establishes a pipeline for ingesting application data (logs, traces, and metrics) which could potentially contain malicious instructions if the instrumented application logs unsanitized user input.
  - Ingestion points: client.upload, span.setAttribute, and various metric recording functions in SKILL.md.
  - Boundary markers: No specific delimiters or "ignore instructions" warnings are included in the telemetry export examples.
  - Capability inventory: The skill possesses network capabilities to transmit telemetry data to Azure Monitor endpoints.
  - Sanitization: The provided examples do not demonstrate sanitization or escaping of the attributes or log messages being recorded.
Audit Metadata