Grafana Dashboard Snapshot Exporter
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides installation instructions that fetch content from the vendor's repository using npx and clawhub. These are standard deployment methods for the agentskillexchange ecosystem.
- [COMMAND_EXECUTION]: Shell commands for installation (npx skills add, clawhub install) are documented for several AI agent environments. These are intended for user-initiated setup.
- [DATA_EXFILTRATION]: The skill's primary function is to export monitoring data from Grafana to snapshots and external storage providers like AWS S3 or Google Cloud Storage.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface. It ingests untrusted data from Grafana dashboard definitions and Prometheus query results without explicit boundary markers or sanitization described. Its capabilities include network requests to external APIs and cloud storage writes, which could be influenced by malicious content in the monitored dashboards.
Audit Metadata