qa-observability
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behavior, obfuscation, or security violations were detected in the skill definition.\n- [DATA_EXFILTRATION]: The skill documentation mandates the redaction of PII and secrets by default in all logs and attributes, which is a strong security best practice for observability setups.\n- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by collecting application logs and traces for debugging. However, it provides no active code to process this data, and includes sanitization guidelines.\n
- Ingestion points: Capture of trace links and key logs on test failures.\n
- Boundary markers: Recommends the use of structured JSON and correlation IDs.\n
- Capability inventory: No executable scripts, subprocess calls, or system-level capabilities are defined in the skill.\n
- Sanitization: Explicitly requires default redaction of PII and secrets from attributes and logs.\n- [EXTERNAL_DOWNLOADS]: References to third-party observability platforms (e.g., Datadog, New Relic) and open-source tools (e.g., Prometheus, Grafana) are for architectural guidance and do not involve the automated installation of untrusted dependencies.
Audit Metadata