tracekit-code-monitoring
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The 'Auth Bootstrap' section contains instructions that attempt to control the agent's interaction with the user by suppressing certain disclosures ('Do not tell the user to go sign up, log in separately...').
- [COMMAND_EXECUTION]: The skill requires the execution of a local script './scripts/run-tracekit-auth.sh' to check the authentication status of the TraceKit tool.
- [DATA_EXFILTRATION]: The skill is designed to capture variable snapshots and application state, which are then transmitted to the vendor's external dashboard at 'https://app.tracekit.dev'.
- [PROMPT_INJECTION]: The skill implements 'Conditional Breakpoints' and 'Logpoints' which ingest and process expressions and templates. This creates an indirect prompt injection surface where data from the monitored application could influence processing.
- [INDIRECT_PROMPT_INJECTION_EVIDENCE]:
- Ingestion points: Breakpoint conditions and logpoint template strings defined by users or residing in application data.
- Boundary markers: Not explicitly defined for the agent's processing context.
- Capability inventory: Network access to 'app.tracekit.dev' and execution of local shell scripts.
- Sanitization: The skill mentions 13 PII scrubbing patterns and claims that expressions are evaluated in a server-side sandboxed engine.
Audit Metadata