monitor
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by directing the agent to ingest and analyze untrusted external data sources such as production error logs, stack traces, and user-provided issue reports.
- Ingestion points: Untrusted data is provided to the agent through the templates in
SKILL.mdwithin the 'Error Investigation' and 'User-Reported Issues' sections. - Boundary markers: The skill does not implement delimiters or 'ignore previous instructions' warnings when processing these external data strings, which could allow malicious instructions embedded in logs to influence agent behavior.
- Capability inventory: The agent is authorized to perform code analysis, generate hotfixes, and inspect application logs based on the provided context.
- Sanitization: No procedures for sanitizing or validating the contents of the error logs or user reports are specified before processing.
- [EXTERNAL_DOWNLOADS]: The documentation provides setup guides for several well-known third-party monitoring and analytics services.
- Mentions integration with UptimeRobot, Sentry, Vercel Analytics, Cloudflare Analytics, LogRocket, and Stripe.
- These references are consistent with the skill's primary purpose of establishing application monitoring and incident response workflows.
Audit Metadata