arize-experiment
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes experiment data from external Arize API calls and local files (CSV, JSON, Parquet) which contain model-generated outputs and freeform evaluation text. This creates a surface for indirect prompt injection where malicious instructions embedded in the data could influence the agent's behavior during analysis or comparison workflows.
  - Ingestion points: ax experiments export and ax experiments create in SKILL.md.
  - Boundary markers: None identified in instructions for data parsing.
  - Capability inventory: Shell command execution (ax, jq), file system read/write.
  - Sanitization: No explicit validation or escaping of data content before processing.
- [COMMAND_EXECUTION]: The skill includes instructions to persist environment variables by modifying shell configuration files (~/.zshrc, ~/.bashrc) or Windows environment settings. While intended for legitimate configuration persistence, modifying startup scripts is a persistence mechanism.
  - Evidence: references/ax-profiles.md.
- [COMMAND_EXECUTION]: The skill automatically attempts to read sensitive .env files to discover API keys and Space IDs for the Arize platform.
  - Evidence: SKILL.md.
Audit Metadata