log-reader
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Uses
Bashfor environment-aware path construction (date) and log inspection (tail). These are legitimate uses within the context of a log-reading utility and do not involve untrusted input or shell interpolation from external sources. - [DATA_EXFILTRATION]: The skill reads log files that may contain sensitive trading information (account info, symbols). The skill explicitly mitigates exfiltration risk by excluding network-capable tools from the
allowed-toolsconfiguration and instructing the agent to filter sensitive data when reporting results. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from MetaTrader 5 log files which could theoretically contain malicious instructions if a third-party indicator is compromised.
- Ingestion points: Reads log files located at
$MQL5_ROOT/Program Files/MetaTrader 5/MQL5/Logs/*.log. - Boundary markers: No explicit markers (like XML tags or specific delimiters) are used to isolate log content from the agent's instructions.
- Capability inventory: Uses
Bash(fortail),Read(file access), andGrep(searching). - Sanitization: No automated sanitization of log content is performed before processing, although the documentation advises manual filtering of sensitive output.
Audit Metadata