grafana-billing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected.
- Ingestion points: Metric names and label values are fetched from external Grafana/Prometheus APIs in
scripts/prometheus_metrics.pyandscripts/loki_metrics.py. - Boundary markers: Absent; external data is displayed in the console without delimiters or warnings to ignore embedded instructions.
- Capability inventory: The skill is read-only; it lacks dangerous capabilities such as file system modification, subprocess execution, or dynamic code evaluation.
- Sanitization: Absent; external content is not escaped or validated before being printed or returned as JSON.
- [DATA_EXFILTRATION] (LOW): Network operations to non-whitelisted domains.
- Evidence:
scripts/grafana_client.pyhardcodes and makes requests to AWS Managed Grafana endpoints (*.grafana-workspace.us-east-1.amazonaws.com) which are not on the trusted domain whitelist. These are consistent with the skill's stated purpose.
Audit Metadata