arize-instrumentation
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references documentation and configuration data from arize.com and related GitHub repositories to identify supported integrations.
- [COMMAND_EXECUTION]: Automates the installation of instrumentation packages using standard package managers (pip, npm, pnpm, yarn, uv) and configures the ax CLI for tracing profiles. This includes instructions for persisting environment variables within shell configuration files (~/.bashrc, ~/.zshrc) to maintain tool configuration across sessions.
- [CREDENTIALS_UNSAFE]: Implements secure credential management by instructing the use of environment variables and CLI-based profile creation instead of embedding API keys in code.
- [PROMPT_INJECTION]: Scans local dependency manifests and source code imports to detect the application stack. This creates a surface for indirect prompt injection from codebase content. Ingestion points: dependency manifests and source code imports; boundary markers: absent; capability inventory: file-write and command-execution; sanitization: absent.
Audit Metadata