observability-setup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Full Analysis
- [EXTERNAL_DOWNLOADS] (INFO): The skill references standard Node.js observability packages including @opentelemetry suite, prom-client, and pino. These are well-established libraries for tracing, metrics, and logging.
- [DATA_EXFILTRATION] (SAFE): Analysis of the networking and logging code shows only local metric exposition (/metrics) and standard structured logging to stdout. No sensitive data exfiltration to external domains was detected.
- [INDIRECT_PROMPT_INJECTION] (INFO): The skill implements middleware that ingests untrusted HTTP request data (paths, methods) for instrumentation. While this is an ingestion surface, the downstream capabilities are limited to metrics counters and structured logging, posing negligible risk in the context of this skill's design.
- [FALSE POSITIVE ANALYSIS]: An automated scanner flagged 'logger.info' as a malicious URL. This is a false positive: the scanner's regex matched the function call 'logger.info(...)' in the code. No malicious domains are present in the code.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata