cekura-metric-improvement
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by ingesting and processing untrusted data from call transcripts to assist in metric refinement.
  - Ingestion points: External data is ingested via GET /observability/v1/call-logs-external/{id}/ as described in the API reference.
  - Boundary markers: There are no explicit instructions or delimiters provided to isolate potential instructions embedded within the transcripts from the agent's logic.
  - Capability inventory: The skill allows the agent to modify metric definitions (PATCH operations) and initiate cost-accruing evaluations (POST /observability/v1/call-logs/evaluate_metrics/).
  - Sanitization: No automated sanitization of external data is mentioned; however, the skill strongly emphasizes manual review of failure explanations and human verification of changes.
- [SAFE]: All referenced domains (cekura.ai) and API endpoints are official resources belonging to the skill's authoring organization.
- [SAFE]: The skill implements a 'Cost Guard' which requires the agent to stop and ask for explicit user confirmation before evaluating more than 100 calls, effectively protecting against automated resource exhaustion.
Audit Metadata