langfuse
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the langfuse-mcp package from the public PyPI registry using the uvx tool during the setup process described in SKILL.md and references/setup.md.
- [DATA_EXFILTRATION]: The skill interacts with the Langfuse API (defaulting to https://cloud.langfuse.com) to exchange observability data such as LLM traces and prompt configurations. This involves the use of sensitive user-provided API keys (LANGFUSE_PUBLIC_KEY and LANGFUSE_SECRET_KEY). As Langfuse is a well-known service, this communication is consistent with the skill's intended functionality.
- [COMMAND_EXECUTION]: The installation process involves executing shell commands to configure the MCP server and manage environment variables as outlined in the setup instructions.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes external data (traces, observations, and prompt content) from the Langfuse API.
  - Ingestion points: Data entering through tools such as fetch_trace, fetch_observation, and get_prompt in references/tool-reference.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included in the tool documentation or examples.
  - Capability inventory: The skill includes tools to create or update prompts and datasets, such as create_text_prompt and create_dataset_item listed in references/tool-reference.md.
  - Sanitization: There is no documentation regarding the validation or sanitization of data retrieved from the Langfuse API.
Audit Metadata