opentelemetry
Warn
Audited by Snyk on Jun 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill includes runtime commands that fetch and execute remote content (e.g., kubectl apply -f https://github.com/open-telemetry/opentelemetry-operator/releases/latest/download/opentelemetry-operator.yaml and curl -L https://github.com/open-telemetry/opentelemetry-collector-releases/releases/latest/download/otelcol-contrib_linux_amd64.tar.gz | tar xz, as well as docker run/pulled images and a downloadable java agent from https://github.com/grafana/grafana-opentelemetry-java/releases), which will execute remote manifests/binaries/images at runtime and are presented as required installation/runtime steps.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt is mostly harmless configuration and instrumentation instructions, but it explicitly instructs running Beyla with a Docker --privileged container and mounting /sys/kernel/security (which bypasses container isolation and accesses host kernel files), a security-sensitive action that can compromise the host.
Issues (2)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata