telemetrygen
Warn
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill includes recipes for mutual TLS (mTLS) configuration that require accessing sensitive local files, such as client certificates and private keys, using the `--client-cert` and `--client-key` flags.
- [COMMAND_EXECUTION]: The skill provides templates to run the `telemetrygen` utility, which is capable of generating significant network traffic and could be used for load testing or potential service disruption if misconfigured.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it interpolates untrusted user input directly into command-line arguments.
  1. Ingestion points: User-provided telemetry attributes, service names, and log bodies (SKILL.md).
  2. Boundary markers: Absent; the instructions do not use delimiters or provide warnings to ignore embedded instructions in the data.
  3. Capability inventory: Execution of the `telemetrygen` binary via the shell (SKILL.md).
  4. Sanitization: Absent; the skill does not specify any validation or escaping of user-provided strings before they are used in commands.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install `telemetrygen` from the official OpenTelemetry project repositories on GitHub and the GitHub Container Registry.