grafana-oss
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate documentation and configuration templates for Grafana OSS core features such as dashboards, alerting, and data sources.
- [CREDENTIALS_UNSAFE]: Security best practices are followed by using generic placeholders (e.g., 'secret', 'yourpassword') or environment variable references (e.g., '$GRAFANA_MYSQL_PASSWORD') in all configuration examples and API calls.
- [COMMAND_EXECUTION]: Includes standard examples for administrative tasks using 'curl' for the Grafana API and 'grafana-cli' for plugin installation.
- [EXTERNAL_DOWNLOADS]: Network references are limited to trusted and well-known services including Grafana's official documentation, Okta for authentication, and standard SMTP/Slack endpoints.
- [DATA_EXFILTRATION]: No patterns of unauthorized data harvesting or network exfiltration were identified.
- [SAFE]: Regarding Indirect Prompt Injection (Category 8):
  1. Ingestion points: Data source query results from systems like Prometheus and Loki are processed for visualization in panels and alerts.
  2. Boundary markers: Absent in provided configuration snippets.
  3. Capability inventory: Administrative actions via Grafana API (curl) and plugin management (grafana-cli).
  4. Sanitization: Performed by Grafana's internal data handling and query sanitization mechanisms.

  This represents standard and expected observability platform behavior.