phoenix-evals
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The documentation provides standard shell commands for installing the Phoenix ecosystem and associated LLM provider SDKs (e.g.,
pip install arize-phoenix,npm install @arizeai/phoenix-client). These are routine setup steps.\n- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of official libraries from the Arize Phoenix organization and well-known AI platform providers including OpenAI, Anthropic, and Google.\n- [PROMPT_INJECTION]: The skill describes how to build LLM-as-a-judge evaluators that process untrusted model outputs. It mitigates indirect prompt injection risks by recommending the use of XML tags as delimiters (e.g.,<response>{{output}}</response>) to separate untrusted variables from instructions in prompt templates.\n - Ingestion points: Untrusted model outputs enter the context via variables like
{{output}}and{{input}}in LLM judge templates.\n - Boundary markers: Templates use XML-style delimiters to wrap untrusted content, reducing the risk of the judge model following instructions embedded in the data.\n
- Capability inventory: The skill primarily uses model APIs for classification and scoring; no unsafe execution capabilities (like arbitrary code execution on inputs) were detected.\n
- Sanitization: Content is delimited as per best practices for LLM evaluation, though not explicitly sanitized.
Audit Metadata