arize-experiment
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes system shell commands for environment discovery, package installation, and experiment lifecycle management via the ax CLI tool.
- [COMMAND_EXECUTION]: Performs modifications to user shell configuration files like .zshrc and .bashrc and sets persistent environment variables for credential persistence.
- [EXTERNAL_DOWNLOADS]: Installs the arize-ax-cli package from Python package registries. This is a vendor-provided resource from the skill author.
- [CREDENTIALS_UNSAFE]: Collects sensitive Arize API keys and Space IDs, persisting them locally in ~/.arize/config.toml and system environment variables.
- [PROMPT_INJECTION]: Ingests potentially untrusted data from CSV, JSON, and Parquet files for experiment creation. Ingestion points: Run data files provided via the --file flag. Boundary markers: Absent. Capability inventory: CLI command execution and data export. Sanitization: Absent.
Audit Metadata