Skills
skills/signoz/agent-skills/signoz-investigating-alerts/Gen Agent Trust Hub

signoz-investigating-alerts

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted telemetry data.
  • Ingestion points: Untrusted data enters the agent context through the use of signoz:signoz_search_logs and signoz:signoz_search_traces, which retrieve log bodies and trace attributes (as described in SKILL.md and references/baseline-comparison.md).
  • Boundary markers: Absent. The instructions do not define delimiters or provide specific prompts to treat the retrieved telemetry as data rather than instructions.
  • Capability inventory: The skill is limited to read-only diagnostic tool calls via the SigNoz MCP server; it has no capabilities for file-writing, arbitrary command execution, or external network exfiltration beyond its defined scope.
  • Sanitization: Not present. Telemetry data is presented in the final analysis without sanitization or escaping.
  • [NO_CODE]: The skill package contains no executable script files and is comprised entirely of instructional markdown and reference files.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 02:14 AM