langfuse-traces

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
  • [Data Exposure & Exfiltration] (MEDIUM): The script scripts/query.sh reads sensitive configuration files (.env, .env.local) using grep to extract API keys. Although this is the primary method for authentication with the Langfuse service, direct file access to environment files is a security concern as it may inadvertently expose other unrelated credentials stored in the same directory. The credentials are then transmitted via curl to cloud.langfuse.com.
  • [Indirect Prompt Injection] (LOW): The skill ingests trace data from an external API, which acts as a surface for indirect prompt injection if the traces contain malicious instructions from previously logged LLM interactions.
      • Ingestion points: Data is fetched from the Langfuse API via curl in scripts/query.sh.
      • Boundary markers: None. The output is returned as raw JSON or formatted text without delimiters.
      • Capability inventory: Uses Bash to execute curl (network) and jq (processing).
      • Sanitization: The script uses jq to structure the data, but it does not sanitize the content of the traces before returning them to the agent context.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 21, 2026, 07:25 AM