langfuse

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM

Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses the uvx tool to download and install the langfuse-mcp package from the Python Package Index (PyPI).
  • [REMOTE_CODE_EXECUTION]: Executing the langfuse-mcp package directly from a remote registry using uvx constitutes a remote code execution pattern, since the code is fetched and run at runtime.
  • [COMMAND_EXECUTION]: The setup instructions direct the user to run shell commands that modify the system environment and local files.
    ◦ Evidence: Setup commands for Claude and Codex CLI to add the MCP server.
    ◦ Evidence: A shell script in references/setup.md that appends .mcp.json to the .gitignore file.
  • [DATA_EXFILTRATION]: The skill manages sensitive data and has mechanisms that could lead to data exposure.
    ◦ Evidence: The skill requires and handles LANGFUSE_SECRET_KEY (API credentials).
    ◦ Evidence: Several tools support an output_mode="full_json_file" that writes potentially sensitive AI trace data to the /tmp/ directory.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from an external observability platform.
    ◦ Evidence: Tools like get_prompt and fetch_traces ingest prompt templates and interaction logs that could contain malicious instructions designed to influence the agent's behavior.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 10, 2026, 10:11 PM