backend-metrics
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill requires installing multiple packages from the OpenTelemetry project via npm (@opentelemetry/api, @opentelemetry/sdk-node, @opentelemetry/sdk-metrics, @opentelemetry/exporter-metrics-otlp-grpc, @opentelemetry/resources, @opentelemetry/semantic-conventions). While these are industry-standard libraries, their source is not on the strictly predefined trusted organization list for this environment.
- Data Exposure & Exfiltration (LOW): The skill configures a network exporter to send telemetry data (HTTP request methods, route paths, and response status codes) to an OTLP collector. By default, this targets localhost, but it can be configured to any external URL via environment variables. There is no access to sensitive files or secrets.
- Indirect Prompt Injection (INFO): The metrics middleware ingests untrusted data from incoming HTTP requests to label metrics.
- Ingestion points:
ctx.pathandctx.methodinapps/backend/src/middleware/metrics.ts. - Boundary markers: None.
- Capability inventory: The ingested data is only used for recording metrics; there are no subprocess calls, file writes, or network requests triggered by the content of the data itself.
- Sanitization: None detected.
Audit Metadata