langfuse-integration

SUSPICIOUS. The core behavior is mostly coherent with an observability migration skill: it installs official SDKs, edits code, and sends traces to Langfuse’s official cloud. However, it hard-codes a specific Langfuse project, instructs the agent to handle live secret keys and regulated metadata, recommends further skill installations, and references a likely outdated/misaligned LlamaIndex integration path. This looks more like a high-impact cloud integration playbook than malware, but the scope and data-routing implications make it medium risk rather than benign.