arize-trace

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill handles sensitive information, such as Arize API keys, according to security best practices by directing the user to use environment variables rather than providing secrets directly to the agent.
  • [PROMPT_INJECTION]: The skill correctly identifies a potential indirect prompt injection surface in exported trace data (e.g., span attributes) and provides explicit instructions for the agent to treat this data as untrusted text, effectively mitigating the risk. Evidence: File SKILL.md contains a Security Guardrail section warning about untrusted user-generated content in span attributes.
  • [COMMAND_EXECUTION]: The skill executes the ax CLI tool to fetch trace data from official Arize domains. All command operations are within the scope of the skill's intended purpose for telemetry analysis.
  • [EXTERNAL_DOWNLOADS]: The skill references the arize-ax-cli package and provides troubleshooting instructions for its installation from official registries via standard package managers.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 01:04 AM