signals-scout-ai-observability
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted LLM trace data, which creates an attack surface for indirect prompt injection. An attacker could potentially embed instructions in application traces intended to manipulate the scout's findings or poison its long-term memory.
  - Ingestion points: Telemetry data containing raw request/response pairs is retrieved using `query-llm-trace` (documented in `SKILL.md` and referenced in `references/lenses.md`).
  - Boundary markers: None. The skill does not use delimiters or instructions to treat trace content as data rather than instructions when processing telemetry events.
  - Capability inventory: The skill can persist findings to a durable `scratchpad` via `signals-scout-scratchpad-remember` and post to a user-facing inbox via `signals-scout-emit-signal` (`SKILL.md`).
  - Sanitization: No validation or sanitization is performed on the retrieved trace content before it is processed by the agent.
Audit Metadata