langfuse
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill depends on the 'langfuse' package, which is not hosted by a predefined trusted organization or repository.
- Data Exposure & Exfiltration (LOW): The skill configures network requests to cloud.langfuse.com; this domain is not within the defined trust scope for network operations.
- Indirect Prompt Injection (MEDIUM): The skill defines an ingestion point for untrusted data (LLM inputs and outputs) and exfiltrates it via network operations to an external sink. Evidence:
  1. Ingestion points: Traced LLM inputs and outputs in provided code snippets.
  2. Boundary markers: Absent in prompt templates.
  3. Capability inventory: Network operations (langfuse.trace, langfuse.flush).
  4. Sanitization: Absent for external content.