dashboard-review

Warn

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external tool via go install github.com/efd6/kbdash@latest. This repository is hosted on a personal GitHub account and is not associated with any official vendor or trusted organization.
  • [REMOTE_CODE_EXECUTION]: Downloading and installing an executable from an unverified source introduces the risk that malicious code is executed during installation or whenever the tool is run.
  • [COMMAND_EXECUTION]: The review workflow uses shell commands including git diff, git show, gh pr diff, and the custom kbdash binary to process repository content and pull request data.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) because it ingests and processes untrusted dashboard JSON data.
    • Ingestion points: Dashboard JSON files (*/kibana/dashboard/*.json) are read and converted to text descriptions for the agent to review.
    • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or isolate instructions that might be embedded within the JSON content.
    • Capability inventory: The skill uses git, gh, and kbdash to access and analyze the data.
    • Sanitization: The procedure does not specify any validation or sanitization steps for the external data before it is presented to the agent for summarization.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 20, 2026, 08:43 PM