arize-experiment

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the official Arize CLI ('arize-ax-cli') using standard package managers like 'uv', 'pipx', or 'pip'. These are official tools from the vendor for interacting with their platform.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill handles authentication for the Arize platform. It explicitly instructs the user to never pass raw API keys as flags and instead use environment variables (e.g., 'ARIZE_API_KEY'). This aligns with industry security best practices for credential management.
  • [PERSISTENCE_MECHANISMS]: The reference files include instructions for users to manually add environment variables to their shell profiles (like '.zshrc' or '.bashrc') for configuration persistence. This is a standard developer workflow and is documented transparently for the user.
  • [INDIRECT_PROMPT_INJECTION]: The skill involves processing data from external files (e.g., experiment results in JSON or CSV format). While this creates a surface for indirect prompt injection if those files contain malicious instructions, the skill uses these for structured data analysis via tools like 'jq', which is a typical use case for performance evaluation and does not constitute a high-risk pattern.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 08:19 PM