agent-telemetry
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill instructs agents to query application logs, which are an ingestion point for untrusted data. Malicious users can inject instructions into logs (e.g., via User-Agent strings or request parameters) that may influence an agent when it parses them during debugging.
- Ingestion points: Agents read
logs/app.jsonthrough shell tools or a development REST endpoint. - Boundary markers: Absent; suggested documentation does not provide delimiters to isolate log content from system instructions.
- Capability inventory: Agents are permitted to execute shell commands (
grep,tail,jq) and perform network queries. - Sanitization: While the skill emphasizes redacting PII for privacy, it does not provide mechanisms to sanitize log entries for prompt injection patterns.
- [Data Exposure & Exfiltration] (SAFE): The skill recommends an unauthenticated
/__dev/logsendpoint for development convenience. This is mitigated by explicit requirements to disable the endpoint in production and instructions to redact sensitive fields like tokens and passwords. - [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill suggests installing reputable and standard libraries such as
pino,structlog, andlograge. These are considered low risk under the trusted source guidelines.
Audit Metadata