agent-telemetry
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill promotes the creation of unauthenticated HTTP endpoints (
/__dev/logs) to expose application logs to AI agents. - Evidence:
references/dev-endpoint.mdprovides implementation patterns for Next.js, Express, and Rails that serve the contents oflogs/app.jsonover HTTP without authentication. - Risk: Although the skill mandates that these endpoints be disabled in production, any exposure of the development environment (e.g., via port forwarding or public dev servers) would grant unauthorized access to internal application logs, which may contain sensitive metadata or PII if not properly redacted.
- [PROMPT_INJECTION] (LOW): The skill creates a surface for indirect prompt injection by encouraging agents to ingest and act upon application logs.
- Ingestion points:
logs/app.json(local file) and/__dev/logs(HTTP endpoint). - Boundary markers: The skill suggests a structured JSON format but does not recommend specific delimiters or instruction-guarding techniques to prevent the LLM from obeying instructions embedded in log messages.
- Capability inventory: The skill is designed for "coding agents" which typically possess broad capabilities including file system access and shell execution.
- Sanitization: While the skill advises redacting PII in its anti-patterns, it lacks guidance on sanitizing log content against malicious instructions injected via user-controlled fields (e.g., request paths or error messages).
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard, industry-recognized logging libraries.
- Evidence: Recommends installation of
pino,pino-http,lograge, andstructlogfrom official registries. - [TRUST-SCOPE-RULE]: These are trusted dependencies and the skill's own implementation of them does not introduce high-risk command execution or network patterns.
Audit Metadata