superlog-onboard
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to automate the onboarding and verification process:
- Executes
open,xdg-open, orstartto launch the Superlog signup flow in the default browser. - Runs native project commands (e.g.,
npm run dev,pnpm build,uv run python) to verify that the instrumentation does not break the application. - Uses
curlto trigger application routes and verify the flow of telemetry signals. - Executes
claude mcp addto configure the Superlog MCP server for the agent. - [EXTERNAL_DOWNLOADS]: The skill installs necessary telemetry packages using system package managers:
- Downloads official OpenTelemetry SDKs and instrumentations (e.g.,
@opentelemetry/sdk-node,opentelemetry-sdk). - Installs the vendor-provided
@superlog/otel-helperspackage. - [DATA_EXFILTRATION]: The skill performs network operations to transfer setup and telemetry data to the vendor's domain:
- Sends signup intent metadata (token hash and prefix) to
api.superlog.sh. - Transmits project telemetry (traces, logs, metrics) to
intake.superlog.shfor verification. - Extracts and hardcodes repository metadata, including the VCS URL and commit SHAs, as resource attributes in the telemetry payload.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface due to its analysis of the user's codebase:
- Ingestion points: The agent reads and maps all applications and services within the repository (orchestrated in
SKILL.md). - Boundary markers: None. The skill processes code blocks directly to identify business operations for instrumentation.
- Capability inventory: File system writes, shell command execution (build/deploy), and network access (defined in
SKILL.md). - Sanitization: None. The skill assumes project source code is safe to process for identifying instrumentation targets.
Audit Metadata