logging-best-practices
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references legitimate educational resources (Stripe, Boris Tane) and standard libraries like Pino. It does not perform any unauthorized or suspicious downloads.
- [DATA_EXFILTRATION] (SAFE): The guidelines recommend logging rich context, including system environment variables and user identifiers. This is standard for observability (the skill's stated purpose). There is no logic to send this data to untrusted external servers; it uses a standard logger interface.
- [PROMPT_INJECTION] (SAFE): No instructions designed to bypass agent safety filters or override system prompts were found. The instructional style is consistent with educational best practices.
- [SAFE] (SAFE): The automated scanner alert for 'logger.info' is confirmed as a false positive. The pattern appears in multiple files as `logger.info(wideEvent)` or `logger.info(JSON.stringify(wideEvent))`, which are legitimate function calls within the provided TypeScript code snippets.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata