arize-dataset
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to echo the
ARIZE_API_KEYenvironment variable to the terminal for verification, exposing sensitive credentials in the agent's output and session logs. - [COMMAND_EXECUTION]: The skill automates the modification of shell configuration files (e.g.,
~/.zshrc,~/.bashrc) and uses PowerShell to set persistent user-level environment variables to save credentials. These are persistence mechanisms that modify the user's system environment. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
arize-ax-clipackage viapip,uv, orpipx. While this is a vendor-provided tool, it involves downloading external code from a registry at runtime. - [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection by ingesting untrusted data through commands like
ax datasets createandax datasets appendfrom files or JSON strings. - Ingestion points:
ax datasets create --fileandax datasets append(via--jsonor--file). - Boundary markers: Absent; no instructions are provided to delimit or ignore instructions embedded in the dataset content.
- Capability inventory: Includes shell command execution, software installation, and system environment modification.
- Sanitization: Absent; the skill does not include steps to validate or sanitize input data before processing.
Audit Metadata