victorialogs-query
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses curl and jq via the Bash tool to execute queries against VictoriaLogs HTTP APIs and process the resulting JSON or JSON Lines data.- [EXTERNAL_DOWNLOADS]: Fetches log data from external endpoints defined by the $VM_LOGS_URL environment variable. This is consistent with the skill's purpose of log retrieval and analysis.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted log data which could contain malicious instructions.
- Ingestion points: Data retrieved from endpoints like /select/logsql/query and /select/logsql/facets.
- Boundary markers: No delimiters or instructions to ignore embedded content are used in the provided examples.
- Capability inventory: Network access via curl and result processing via jq.
- Sanitization: No explicit content filtering or escaping is implemented before data is returned to the agent.
Audit Metadata