grafana
Fail
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes a command pattern in
SKILL.mdthat pipes network output to an interpreter:curl -s http://localhost:3000/api/health | python3 -m json.tool. While used for JSON formatting, this pattern is inherently risky as it could execute malicious code if the service on the local port is compromised or misconfigured. - [CREDENTIALS_UNSAFE]: Multiple files (
SKILL.md,references/common-patterns.md) contain hardcoded credential strings and placeholders such asadmin:password,admin:pass, andyourpassword. If executed literally, these could lead to the use of insecure or default credentials in production environments. - [COMMAND_EXECUTION]: The skill extensively uses
sudofor various tasks including service management (systemctl), plugin installation (grafana-cli), and file system operations (cp,mkdir,tee). This provides a broad surface for privilege escalation if the agent's environment is not strictly scoped. - [EXTERNAL_DOWNLOADS]: The skill facilitates downloading dashboard JSON and plugins from
grafana.comandgithub.com. While these are well-known and reputable services, the skill handles external content that is subsequently processed or executed by the system.
Recommendations
- HIGH: Downloads and executes remote code from: http://localhost:3000/api/health - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata