grafana-bake-annotation

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using uv run to trigger local scripts. Evidence: uv run --directory ~/pdev/taylormonacelli/diminutivedragon scripts/annotate-grafana.py.
  • [REMOTE_CODE_EXECUTION]: The skill executes external Python scripts located at /Users/mtm/pdev/taylormonacelli/diminutivedragon/scripts/annotate-grafana.py, which are outside the skill's own directory and managed on the host system.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted data from a 'bake log' and interpolates extracted values directly into shell command arguments without explicit sanitization or boundary markers.
      • Ingestion points: Bake log entries (extracted events and timestamps).
      • Boundary markers: None identified; data is passed directly as CLI flags.
      • Capability inventory: Subprocess execution via uv run in SKILL.md.
      • Sanitization: None specified for the extracted labels or timestamps before CLI interpolation.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 02:31 AM