monitoring-observability
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Full Analysis
- [Prompt Injection] (SAFE): No patterns attempting to override system prompts or bypass safety filters were found.
- [Data Exposure & Exfiltration] (LOW): The skill correctly implements security best practices by including a 'MUST NOT' constraint against logging sensitive information like passwords or API keys. It logs request metadata (IP, User-Agent), which is standard for observability.
- [Indirect Prompt Injection] (LOW): The skill processes external data, creating a potential surface for log injection.
  - Ingestion points: 'req.path' and the 'user-agent' header are ingested in the Winston middleware (SKILL.md).
  - Boundary markers: Absent.
  - Capability inventory: Local file writing (logs) and console output.
  - Sanitization: Not explicitly shown in the snippets.
- [External Downloads] (SAFE): All external links point to trusted documentation for Prometheus, Grafana, and Google SRE resources.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata