skills/grafana/skills/skill-authoring/Gen Agent Trust Hub

skill-authoring

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill documentation guides the user to perform various CLI operations using utilities like tessl, jq, curl, git, and go. These are used for validating skill content, interacting with development APIs, and managing repository state, which are standard tasks for the intended developer audience.
  • [EXTERNAL_DOWNLOADS]: The skill references external resources from trusted entities, including Anthropic's official documentation and public GitHub repositories. These links are used for educational and reference purposes in line with the skill's core functionality.
  • [REMOTE_CODE_EXECUTION]: While the skill mentions running scripts and code examples (such as go run), these are presented as local validation checkpoints for developers to verify the accuracy of their documentation before committing changes. There is no evidence of the skill downloading and executing arbitrary code from untrusted remote servers.
  • [PROMPT_INJECTION]: The instructions describe the 'pushy description' pattern to improve skill discovery by the agent. This is a recommended technique for prompt engineering that enhances the agent's ability to trigger relevant capabilities and is not a safety-bypass attempt.
  • [DATA_EXFILTRATION]: Use of curl in examples is focused on interacting with local or development-environment Grafana APIs for provisioning. No patterns suggesting the exfiltration of sensitive user data or credentials to external or untrusted domains were found.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 06:39 AM
Security Audit — agent-trust-hub — skill-authoring