The Agent Skills Directory

Unverifiable Dependencies & Remote Code Execution (LOW): The skill references several external packages such as arize-phoenix-otel, openinference-instrumentation-openai, and @arizeai/phoenix-otel. These originate from the Arize AI and OpenInference organizations, which are not on the predefined trusted list. However, these dependencies are fundamental to the skill's core purpose and are used according to standard industry practices for observability.
Indirect Prompt Injection (LOW): The skill defines patterns for capturing untrusted data from LLM interactions using attributes like input.value and output.value (as seen in rules/fundamentals-required-attributes.md). 1. Ingestion points: Untrusted strings from LLM prompts and responses entering the trace context. 2. Boundary markers: The skill documents the use of environment variables like OPENINFERENCE_HIDE_INPUTS to prevent the storage of sensitive or malicious data. 3. Capability inventory: No dangerous autonomous code execution is implemented in the skill's scripts. 4. Sanitization: Detailed production guides in rules/production-python.md and rules/production-typescript.md provide methods for PII masking and data suppression to sanitize the collected data.

phoenix-tracing