log-dive
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes backend-specific shell scripts using a dispatcher. These scripts utilize 'jq' with '--arg' flags to safely interpolate user input into JSON queries and use Bash arrays for CLI arguments (for 'aws' and 'logcli'), effectively preventing command injection vulnerabilities.
- [DATA_EXFILTRATION]: The skill accesses sensitive log data using user-provided credentials from environment variables. It adheres to a strictly read-only operation model, does not cache logs to disk, and contains no logic to exfiltrate data to unauthorized external endpoints.
- [PROMPT_INJECTION]: While the skill processes untrusted log data (a surface for indirect prompt injection), it implements robust defensive measures. Instructions specifically warn the agent against dumping raw log content and require structured analysis, which minimizes the risk of the agent following instructions embedded within the logs.
Audit Metadata