phoenix-pr-screenshot

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes shell commands to build frontend assets with pnpm, run the Phoenix server with uv, and automate browser screenshots.
  • [EXTERNAL_DOWNLOADS]: Uses pnpm install to download dependencies from the public npm registry.
  • [DATA_EXFILTRATION]: Uploads captured screenshots to the vendor's Google Cloud Storage bucket (gs://arize-phoenix-assets/) and updates GitHub PR descriptions using the gh CLI.
  • [PROMPT_INJECTION]: Ingests PR body content from GitHub via gh pr view (as described in SKILL.md). Boundary markers are absent for this external content. The capability inventory includes server execution (uv), file uploads (gsutil), and PR modification (gh). No sanitization is performed on the ingested PR body before it is re-interpolated. This represents an indirect prompt injection surface that is inherent to the skill's primary function of editing existing pull requests.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 04:10 PM