Skills
skills/winsorllc/upgraded-carnival/log-analyzer/Gen Agent Trust Hub

log-analyzer

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local shell script {baseDir}/analyze.sh to perform log parsing and statistical analysis. It takes user-provided arguments such as file paths, regex patterns, and format strings.
  • [COMMAND_EXECUTION]: The skill is designed to read potentially sensitive system files, specifically referencing paths like /var/log/app.log and access.log.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data from log files.
  • Ingestion points: Log files provided via the <logfile> argument in SKILL.md.
  • Boundary markers: None mentioned in the skill instructions to distinguish between log data and agent instructions.
  • Capability inventory: The skill executes subprocesses via {baseDir}/analyze.sh which may use tools like grep, awk, or sed to process data (SKILL.md).
  • Sanitization: No explicit sanitization or validation of the log content is described before it is analyzed and returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 05:11 AM