observability
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the `uvx` tool to download and execute external packages including `opensearch-mcp-server-py` and `duckduckgo-mcp-server`. These are recognized as official vendor tools (from the opensearch-project) and well-known services respectively.
- [COMMAND_EXECUTION]: The skill relies on shell commands for querying OpenSearch clusters and running local helper scripts.
  - Evidence: Multiple `curl` examples are provided for PPL and Query DSL interactions.
  - Evidence: The skill references a local documentation search script at `scripts/opensearch_ops.py`.
- [REMOTE_CODE_EXECUTION]: The use of `uvx` with the `@latest` tag on `opensearch-mcp-server-py` constitutes dynamic loading and execution of remote code. This is considered safe as it originates from the verified skill author.
- [PROMPT_INJECTION]: The skill employs role-play instructions to define the agent's expertise as an 'OpenSearch log analytics specialist' and 'trace analytics specialist'. These are standard behavioral guidelines and do not contain bypass or override patterns.
- [CREDENTIALS_UNSAFE]: While the skill contains an example password (`My_password_123!@#`) in the documentation, it is presented as a default placeholder for environment variable setup in local environments and is not a leaked production credential.
- [DATA_EXFILTRATION]: The skill manages connection details (URLs and credentials) for OpenSearch clusters. It follows best practices by using environment variables and user-prompted configuration rather than hardcoding sensitive data.
Audit Metadata