monitoring-observability
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a documentation and template asset for observability. It provides best practices for instrumentation and does not contain malicious code.
- [CREDENTIALS_UNSAFE]: Hardcoded credentials found in the files (such as in checklists/langfuse-setup-checklist.md and references/dev-agent-lens.md) are clearly identified as placeholders (e.g., 'CHANGE_ME', 'pk-...', 'sk-...') or default credentials for local development environments (e.g., 'miniosecret'), which is standard practice for documentation and templates.
- [EXTERNAL_DOWNLOADS]: The skill references well-known and trusted packages from official registries (NPM and PyPI) such as langfuse, prometheus-client, and structlog. It does not attempt to download code from untrusted or unknown remote sources.
- [DATA_EXFILTRATION]: Code snippets demonstrating API usage (e.g., in references/annotation-queues.md) are directed towards the user's own monitoring infrastructure (e.g., LANGFUSE_HOST) for legitimate observability purposes.
- [COMMAND_EXECUTION]: No unauthorized or dangerous shell commands were detected. Command examples provided in the documentation are relevant to service health checks and deployment (e.g., docker-compose up).
- [INDIRECT_PROMPT_INJECTION]: The skill documents how to process external trace and score data for quality evaluation. While this creates a data ingestion surface, it is the primary purpose of an observability tool, and the provided patterns use standard library integrations.
Audit Metadata