integrate-flowlines-sdk-python
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation requires the installation of the `flowlines` package and its instrumentation extras (e.g., `flowlines[openai]`, `flowlines[all]`) from PyPI. These are legitimate resources owned by the skill author (flowlines-ai).
- [DATA_EXFILTRATION]: The SDK is designed to capture LLM telemetry, including requests, responses, and metadata, and export them to the vendor's infrastructure at `ingest.flowlines.ai` and `api.flowlines.ai`. This is the primary function of the tool.
- [PROMPT_INJECTION]: The presence of `get_memory()` and `aget_memory()` functions creates a surface for indirect prompt injection by retrieving data from external storage that might be used in future prompts.
  - Ingestion points: `get_memory()` and `aget_memory()` in `SKILL.md` fetch JSON data from the Flowlines API.
  - Boundary markers: No delimiters or instructions to ignore embedded content are provided in the integration examples.
  - Capability inventory: The skill provides monitoring and memory retrieval functions but does not contain dangerous system-level capabilities like file writing or arbitrary code execution.
  - Sanitization: The skill returns raw JSON data from its memory retrieval functions without explicit sanitization instructions.
- [COMMAND_EXECUTION]: The documentation includes a `curl` example for verifying trace ingestion that uses unencrypted HTTP (`http://api.flowlines.ai`). This represents a best-practice violation, as it could expose the API key in the `x-flowlines-api-key` header to interception.
Audit Metadata