logging-best-practices
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE] (SAFE): No malicious patterns or security vulnerabilities were detected. The skill actively promotes security best practices, such as PII redaction and using structured logging formats to prevent log injection.
- [DATA_EXFILTRATION] (SAFE): While the skill includes integrations for sending logs to external services like Elasticsearch and AWS CloudWatch, these are standard practices for centralized logging. No sensitive local file access or credential exfiltration was observed.
- [EXTERNAL_DOWNLOADS] (SAFE): The referenced libraries (Winston, structlog, zap, watchtower, etc.) are industry-standard logging frameworks from trusted registries.
- [SAFE] (SAFE): The automated scan finding for 'logger.info' is identified as a false positive. The string represents a common method call in multiple logging APIs and not a network destination.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata