grafana
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests data from a Grafana instance (dashboards, annotations, and alerts) which could be controlled by an external party or a compromised account. This represents an indirect prompt injection surface if that data contains malicious instructions meant to influence the agent's behavior.
  - Ingestion points: API responses processed in `Tools/GrafanaClient.ts` and `Tools/DashboardCrud.ts`.
  - Boundary markers: The skill does not implement specific delimiters or warnings for the agent to ignore instructions embedded in the Grafana data.
  - Capability inventory: The skill has the ability to write to the local filesystem using `Bun.write` and perform network operations via `fetch`.
  - Sanitization: Data retrieved from the API is parsed as JSON but not sanitized to prevent instruction injection.
- [COMMAND_EXECUTION]: The skill is designed to run TypeScript tools using the `bun` runtime. For example, `DashboardCrud.ts` is executed as a CLI tool to perform dashboard operations.
- [DATA_EXFILTRATION]: The skill interacts with external Grafana API endpoints and requires a Service Account Token for authentication. While it correctly suggests using environment variables (`GRAFANA_TOKEN`), the agent has access to these credentials to perform its tasks. Additionally, the skill reads from and writes to the local filesystem to export and import dashboard JSON files, which allows the agent to interact with user-specified local data.