elasticsearch-expert
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface Detection.
- Ingestion points: Data retrieved from Elasticsearch clusters via search queries (
es.search) and bulk operations documented inSKILL.md. - Boundary markers: Absent; the provided code snippets do not implement delimiters or ignore-instructions to isolate untrusted search data from the agent's prompt context.
- Capability inventory: The skill's metadata requests high-privilege tool access including
Bash(*),Write, andEdit. - Sanitization: Absent; the examples demonstrate data retrieval and indexing without explicit sanitization or filtering of content from external sources.
Audit Metadata