observe-metrics
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill enables the Bash tool in its frontmatter, allowing the agent to execute arbitrary shell commands on the host environment as part of its workflow.
- [EXTERNAL_DOWNLOADS]: The skill documentation provides a CLI alternative that utilizes npx to download the @claude-flow/cli package from the npm registry.
- [REMOTE_CODE_EXECUTION]: The use of npx @claude-flow/cli@latest involves the dynamic execution of external code fetched from a remote repository at runtime.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes data from external memory and pattern stores (mcp__claude-flow__memory_search, mcp__claude-flow__agentdb_pattern-search) and presents it to the agent while also having command execution capabilities.
- Ingestion points: Metric records and patterns are fetched via memory_search and pattern-search tools in SKILL.md.
- Boundary markers: No delimiters or instructions to ignore embedded commands are used when processing the retrieved data.
- Capability inventory: The Bash tool is enabled, providing a mechanism for potential exploitation if malicious instructions are present in the ingested data.
- Sanitization: No validation or sanitization of the metrics data is described before it is processed by the agent.
Audit Metadata