build-grafana-dashboards
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `Bash` tool and instructs the user to perform file system operations in system directories such as `/etc/grafana/` for provisioning tasks.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by allowing the ingestion of external dashboard JSON files.
- Ingestion points: The 'Inputs' section and Step 2 describe importing existing dashboard JSON for migration or modification.
- Boundary markers: No specific delimiters or warnings for embedded instructions are provided in the procedure.
- Capability inventory: The skill specifies `Bash`, `Write`, `Edit`, `Grep`, and `Glob` tools, providing significant system interaction capabilities.
- Sanitization: There is no evidence of validation or sanitization of ingested JSON content.
- [CREDENTIALS_UNSAFE]: The Docker Compose example in Step 6 includes a hardcoded default administrative password (`GF_SECURITY_ADMIN_PASSWORD=admin`). While common for initial setup documentation, it represents a weak default credential practice.
Audit Metadata