correlate-observability-signals
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides legitimate technical documentation and configuration templates for metrics, logs, and traces. No evidence of malicious code, obfuscation, or unauthorized data exfiltration was detected.
- [PROMPT_INJECTION]: Analysis of the indirect prompt injection surface shows the skill processes external observability signals. This is an inherent risk factor in the observability domain and no specific vulnerabilities were identified.
- Ingestion points: Data enters the agent's context through logs from Loki, metrics from Prometheus, and traces from Tempo/Jaeger as described in
SKILL.md. - Boundary markers: The templates do not define explicit isolation or "ignore instructions" markers for the agent's analysis of ingested telemetry.
- Capability inventory: The skill allows the agent to use
Bash,Grep,Read,Write, andEdittools when interacting with these signals. - Sanitization: The provided instrumentation examples promote the use of structured logging and specific trace ID formats, which helps distinguish data fields from free-text content.
Audit Metadata