create-integration
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access behaviors were detected. The skill is consistent with its stated purpose of assisting in the development of Elastic integrations.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data, such as user-provided API documentation and sample log files. While this creates a vulnerability surface, the skill implements measures to handle data securely.
- Ingestion points: The skill ingests user-supplied API documentation URLs, sample data files (e.g.,
@samples/acme_event.json), and research briefs as described inSKILL.mdandreferences/add-datastream-workflow.md. - Boundary markers: The skill instructs the agent to wrap specialized subagent instructions in embedded guidance files (e.g.,
builder-subagent-guidance.md) to establish task boundaries. - Capability inventory: The skill utilizes the
elastic-packageCLI for filesystem operations, package scaffolding, building, and running system tests in Docker containers. - Sanitization: A mandatory 'Data anonymization' policy is included in
references/create-workflow.mdandreferences/add-datastream-workflow.md, requiring all committed data, including test fixtures and sample events, to be fully anonymized.
Audit Metadata