phoenix-evals
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill involves processing untrusted LLM outputs. Evidence: 1. Ingestion points: Data entering through
evaluate_dataframe(rules/evaluate-dataframe-python.md) andrun_experiment(rules/experiments-running-python.md). 2. Boundary markers: The skill recommends XML tags (e.g.,<question>{{input}}</question>) to delimit untrusted data (rules/evaluators-llm-python.md). 3. Capability inventory: LLM calls viaClassificationEvaluatorandcreate_classifier. 4. Sanitization: Not explicitly implemented in documentation snippets. Severity is SAFE as this is core functionality and best-practice delimiters are promoted. - [External Downloads] (SAFE): Instructions for installing well-known packages (e.g.,
arize-phoenix,openai,anthropic) from standard registries (PyPI, npm). - [Data Exfiltration] (SAFE): The skill connects to
https://app.phoenix.arize.comto export traces and evaluations, which is the documented primary behavior of the platform.
Audit Metadata