loki-log-query
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill frequently uses `python3 -c` to execute Python code snippets for JSON parsing, environment switching, and log processing. This pattern involves interpolating shell-derived variables (like `ENV_KEY`, `API_PATH`, and `TOKEN`) into executable strings, which can be vulnerable to command injection if inputs are not strictly validated.
- [CREDENTIALS_UNSAFE]: The skill instructions manage "Grafana Service Account Tokens" and provide shell commands to write these tokens into a local JSON file (`environments.json`). Storing and handling plaintext secrets in skill-specific configuration files increases the risk of credential exposure.
- [DATA_EXFILTRATION]: The skill uses `curl` to transmit authentication tokens to external domains (e.g., `test13.xnzn.net`, `monitor-dev.xnzn.net`). These domains are not recognized as trusted organizations or well-known services. Sending credentials to unknown external endpoints is a sensitive operation that requires caution.
- [PROMPT_INJECTION]: The skill processes arbitrary log data from an external Loki instance. This represents an indirect prompt injection surface as logs can contain data from untrusted users.
  - Ingestion points: API response data from `curl` calls to Loki `query_range` endpoints (found in `SKILL.md`).
  - Boundary markers: Absent; log lines are processed directly without delimiters or instruction-bypass warnings.
  - Capability inventory: The skill possesses network access (`curl`), file-write capabilities (updating `environments.json`), and dynamic execution (`python3 -c`).
  - Sanitization: Absent; the skill uses basic string splitting (`parts = line.split(',')`) and regex without validation of content safety.
Audit Metadata