logstash
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines log ingestion pipelines from external sources such as Beats, TCP, and Kafka in SKILL.md, which creates a vulnerability surface for indirect prompt injection attacks. 1. Ingestion points: The beat, tcp, and kafka input plugins defined in SKILL.md are designed to receive external data. 2. Boundary markers: The configuration lacks specific delimiters or instructions to prevent the processing of embedded commands within log messages. 3. Capability inventory: The skill utilizes capabilities to parse and transform log data before routing it to Elasticsearch via the elasticsearch output plugin in SKILL.md. 4. Sanitization: No logic is included to filter or sanitize the log content for malicious natural language instructions.
- [SAFE]: The Docker deployment in SKILL.md uses official Logstash images from the well-known vendor Elastic.
- [SAFE]: Monitoring tasks in SKILL.md execute standard curl commands against the local management API.
Audit Metadata