logcli
Pass
Audited by Gen Agent Trust Hub on Jun 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill wraps the logcli binary using shell scripts to interact with Loki instances. It handles arguments securely and restricts execution to a predefined set of internal command scripts.
- [EXTERNAL_DOWNLOADS]: The skill is configured to pull the grafana/logcli Docker image from Docker Hub if a local installation is not found. This targets an official image from a well-known service provider and is used as a runtime environment.
- [PROMPT_INJECTION]: The skill processes untrusted log data from external sources, which presents a surface for indirect prompt injection.
  1. Ingestion points: Logs fetched via scripts/commands/logs/query.sh.
  2. Boundary markers: The skill does not use specific delimiters or instructions to isolate log content.
  3. Capability inventory: Read-only log querying and label inspection.
  4. Sanitization: External log content is output directly without escaping or filtering.
- [DATA_EXFILTRATION]: A test file (tests/test_env_resolution.sh) contains a hardcoded absolute path to a developer's local directory (/Users/Dmytro/Projects/vinitu/logcli-skill/.env). While this is a poor development practice, it does not constitute an exfiltration attempt.
Audit Metadata