worker-logs

Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The skill instructs the agent to run 'npx khala', which downloads and executes an unverified package from the npm registry. Since 'khala' is not from a trusted organization, this constitutes an unverifiable dependency risk.
  • [COMMAND_EXECUTION] (LOW): The skill requires the agent to execute shell commands (cd, npx wrangler, jq) to perform its function.
  • [PROMPT_INJECTION] (LOW): The skill creates an attack surface for indirect prompt injection (Category 8) by ingesting live log data.
      1. Ingestion points: STDOUT from wrangler and khala commands in SKILL.md.
      2. Boundary markers: Absent; there are no instructions to the agent to treat log data as untrusted or to use delimiters.
      3. Capability inventory: The agent can execute shell commands and read file system structures.
      4. Sanitization: Absent; no filtering or escaping is applied to the log content before it enters the agent's context.
  • [DATA_EXFILTRATION] (SAFE): While the skill involves inspecting sensitive logs and headers like 'X-OA-Internal-Key', it includes specific instructions to avoid logging actual secret values and provides no automated way to exfiltrate the data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 22, 2026, 10:55 AM