metrics-graphana
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the official grafanactl utility from the Grafana Labs repository on GitHub using the Go toolchain.
- [COMMAND_EXECUTION]: Executes shell commands for configuration and data retrieval, including the use of Python one-liners for processing API JSON responses.
- [PROMPT_INJECTION]: The skill processes external data (metric labels and dashboard JSON) which represents an indirect prompt injection surface.
- Ingestion points: External data is retrieved from Grafana and Prometheus API endpoints via curl and grafanactl as seen in SKILL.md.
- Boundary markers: No explicit markers or instructions are provided to the agent to distinguish fetched data from its core instructions.
- Capability inventory: The skill has access to shell execution, network operations, and file management tools.
- Sanitization: Fetched monitoring data is processed without specific sanitization against embedded natural language instructions.
Audit Metadata