grafana-monitoring
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation in
SOURCE.mdreferences the use ofuvx mcp-grafana. This is a standard and safe deployment method for Python-based Model Context Protocol (MCP) servers from public registries. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it ingests and processes potentially untrusted external data.
- Ingestion points: External log data and traces are ingested via
grafana__query_loki_logsandgrafana__tempo_get-tracetools (documented inSKILL.mdandreferences/loki-logql.md). - Boundary markers: No explicit delimiter usage or instructions to ignore embedded commands are present in the skill's prompting logic.
- Capability inventory: The skill possesses write capabilities including
grafana__create_incident,grafana__create_annotation, andgrafana__add_activity_to_incident(SKILL.md). - Sanitization: There is no evidence of sanitization or validation of the log content before it is processed by the agent.
Audit Metadata