dotnet-observability
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references several standard NuGet packages for OpenTelemetry and community-vetted health check libraries. These are well-known resources within the .NET developer ecosystem and are considered safe.
- [PROMPT_INJECTION]: A surface for indirect prompt injection is identified in the distributed tracing propagation patterns.
- Ingestion points: The skill demonstrates extracting traceparent and tracestate headers from external message or HTTP requests.
- Boundary markers: No boundary markers or delimiters are suggested to encapsulate external telemetry data within internal spans or logs.
- Capability inventory: The agent uses the extracted external data to populate structured logs and Activity span attributes.
- Sanitization: No sanitization or validation of the extracted header values is performed before they are processed by the logging and tracing infrastructure.
Audit Metadata