phoenix-cli
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the official @arizeai/phoenix-cli package from the npm registry using npx.
- [REMOTE_CODE_EXECUTION]: Runs the vendor's command-line interface directly via npx for debugging and tracing tasks.
- [COMMAND_EXECUTION]: Uses the px CLI and jq to query, filter, and display LLM application data.
- [PROMPT_INJECTION]: The skill ingests untrusted data from LLM traces and prompts, which could contain malicious instructions.
  - Ingestion points: Trace data, dataset examples, and prompts fetched via px traces, px dataset, and px prompt.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded prompts are present.
  - Capability inventory: Execution of CLI commands and GraphQL API queries.
  - Sanitization: No explicit validation or sanitization of external LLM content is specified.
Audit Metadata