langfuse-dashboard
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is functionally transparent and focuses on automating interactions with the Langfuse dashboard. Its behaviors align with the documented purpose.- [DATA_EXFILTRATION]: Network navigation is limited to the official Langfuse domain (cloud.langfuse.com). No patterns of unauthorized data collection or exfiltration were observed.- [PROMPT_INJECTION]: No adversarial instructions or attempts to bypass agent security guidelines were detected in the skill's content.- [REMOTE_CODE_EXECUTION]: JavaScript evaluation is confined to extracting specific dashboard metrics from the DOM and does not involve remote code execution or untrusted script injection.- [SAFE]: The skill exhibits an indirect prompt injection surface through its processing of web content:
- Ingestion points: External dashboard content (e.g., trace names) via mcp__playwright__browser_snapshot.
- Boundary markers: Absent.
- Capability inventory: Browser navigation, clicking, evaluation, and file writing.
- Sanitization: None.
Audit Metadata