salvo-logging
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a documentation resource for the Salvo web framework, focusing on standard observability patterns such as request logging and OpenTelemetry integration.
- [DATA_EXPOSURE]: The skill incorporates a 'Gotchas' section that provides positive security guidance, specifically advising developers never to log unredacted sensitive headers like 'Authorization' or 'Cookie'.
- [INDIRECT_PROMPT_INJECTION]: The code snippets demonstrate logging of external request data, including URI paths and the 'x-request-id' header. This creates a standard ingestion surface where untrusted data enters the application's logs. However, the skill emphasizes redaction and does not perform any high-risk operations on this data, maintaining a safe posture.
- [COMMAND_EXECUTION]: No shell command execution or dynamic command generation patterns were detected. The use of logging macros (e.g., info!, warn!) is standard and restricted to diagnostic output.
Audit Metadata