ln-627-observability-auditor
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration attempts were found during the analysis. The skill's behavior is consistent with its stated purpose of auditing observability practices.
- [COMMAND_EXECUTION]: The skill uses the Bash tool and local scripts (cli.mjs) to manage audit state and execute analysis tools like linters or type checkers. This is an expected capability for an auditing worker.
- [DATA_EXPOSURE]: The skill performs read operations on the provided codebase root to detect observability patterns. It writes its findings and reports to a local output directory defined in the contextStore.
- [PROMPT_INJECTION]: The instructions contain standard worker directives and mandatory reads of reference files to maintain operational consistency. No bypass or override commands were identified.
- [INDIRECT_PROMPT_INJECTION]: The skill represents a surface for indirect injection as it processes untrusted codebase data and has access to command execution tools. However, it follows a structured two-layer methodology to verify findings, and the execution of analysis tools is restricted to standard auditing workflows.
Audit Metadata