elasticsearch
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes curl and jq within bash snippets to perform cluster health checks, index management, and data searches. These operations are aligned with the skill's primary purpose.
- [PROMPT_INJECTION]: The skill incorporates an attack surface for indirect prompt injection. Ingestion points: User-provided values for index names, search fields, and query terms are interpolated into shell command templates in SKILL.md. Boundary markers: No delimiters or instructions are present to mitigate malicious data. Capability inventory: The skill executes network requests and writes data via curl. Sanitization: No sanitization of user-provided content is performed before shell interpolation.
- [CREDENTIALS_UNSAFE]: The skill correctly uses the ELASTICSEARCH_URL environment variable for configuration instead of hardcoding sensitive credentials.
Audit Metadata