cx-telemetry-querying
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides instructions for querying telemetry data using the
cxCLI, a legitimate vendor-owned utility. All described operations are focused on data retrieval and analysis, with an explicit mention that query commands are read-only.\n- [PROMPT_INJECTION]: The skill involves processing external telemetry data (logs, spans, and RUM events), which represents a surface for indirect prompt injection. This is documented for awareness but is consistent with the skill's purpose. Evidence: 1. Ingestion points: Output fromcx logs,cx spans, andcx metrics. 2. Boundary markers: No specific delimiters or 'ignore' instructions are provided in the current templates. 3. Capability inventory: Shell command execution via thecxtool. 4. Sanitization: No explicit sanitization of telemetry content is performed.
Audit Metadata