Skills
skills/root-signals/scorable-skills/scorable-otel-evaluation/Gen Agent Trust Hub

scorable-otel-evaluation

Fail

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill installs the Scorable CLI using a piped shell command from the vendor's domain (curl -sSL https://scorable.ai/cli/install.sh | sh). This is documented as the official distribution channel for the author's tools.
  • [EXTERNAL_DOWNLOADS]: Downloads and installs various OpenInference and OpenTelemetry packages from official npm and PyPI registries to enable tracing within the target application.
  • [COMMAND_EXECUTION]: Instructs the agent to execute the scorable CLI to manage authentication, list traces, and create evaluation filters.
  • [DATA_EXFILTRATION]: Configures the application to export observability traces, which may include sensitive prompts and responses, to the Scorable OTLP endpoint at https://api.scorable.ai/otel/v1/traces.
  • [PROMPT_INJECTION]: The skill ingests external data from traces via CLI calls (scorable otel-trace list and otel-trace spans in SKILL.md). This ingestion point lacks explicit boundary markers or sanitization, creating an indirect prompt injection surface where malicious trace content could influence agent logic. The agent possesses capabilities for CLI execution and file system access.
Recommendations
  • HIGH: Downloads and executes remote code from: https://scorable.ai/cli/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
May 5, 2026, 12:26 PM