telegraf
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH
Tags: CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: Hardcoded database credentials are used in the Telegraf configuration for PostgreSQL and MySQL inputs. Findings include 'postgres://telegraf:password@localhost:5432/myapp' and 'telegraf:password@tcp(localhost:3306)/' in 'SKILL.md'.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The 'docker-compose.yml' file contains a hardcoded initialization password 'changeme123' for the InfluxDB service.
- [PRIVILEGE_ESCALATION]: The Docker Compose configuration mounts the host's Docker socket ('/var/run/docker.sock') and sensitive host paths ('/proc', '/sys') into the container, which allows the agent to potentially gain elevated control over the host system.
- [COMMAND_EXECUTION]: The configuration utilizes the 'inputs.exec' plugin to run a local script ('/opt/scripts/check_queue_depth.sh'), introducing a vector for arbitrary command execution.
- [DYNAMIC_EXECUTION]: The skill uses the 'processors.starlark' plugin to execute embedded Python-like script logic at runtime for metric transformation.
Recommendations
- AI detected serious security threats
Audit Metadata