phoenix-cli

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on shell-based interactions with the px CLI and jq utility to list, query, and modify traces and spans stored in a Phoenix instance. This includes data processing pipelines and interactive loops for reviewing traces.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to run the @arizeai/phoenix-cli package and includes a command to fetch documentation from the official service provider.
  • [PROMPT_INJECTION]: The skill handles trace data, which may contain content from external LLM sessions (an indirect prompt injection surface). However, it defines structured workflows that focus on manual review rather than automated execution of trace content. Evidence: (1) Ingestion points: px trace list, px trace get in SKILL.md; (2) Boundary markers: None; (3) Capability inventory: Shell commands in SKILL.md and references/open-coding.md; (4) Sanitization: None.
  • [CREDENTIALS_UNSAFE]: Documentation explains how to set PHOENIX_API_KEY using environment variables with placeholder values, following standard security practices for secret management.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 04:19 PM