
phoenix-cli

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx @arizeai/phoenix-cli to download and execute the CLI tool directly from the npm registry. This is a standard distribution method for Node.js-based vendor tools.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution for all its functionality, including resource management (trace, span, dataset) and documentation retrieval (px docs fetch).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes trace data, span attributes, and dataset examples that may contain untrusted content from previous LLM interactions.
  • Ingestion points: External data is ingested through commands like px trace get, px span list, and px dataset get in SKILL.md.
  • Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the fetched trace/span data.
  • Capability inventory: The agent has the capability to execute shell commands via the px CLI and process the output.
  • Sanitization: No sanitization or validation of the retrieved trace/dataset content is implemented before it is presented to the agent context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 02:27 PM