langsmith-trace
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): Skill requires installation of standard packages 'langsmith', 'click', 'rich', and 'python-dotenv'. These are verified as reputable.
- [PROMPT_INJECTION] (LOW): Indirect injection surface identified. 1. Ingestion point: LangSmith API trace data. 2. Boundary markers: Absent in documentation. 3. Capability inventory: Local file system write ('export' command) and stdout display. 4. Sanitization: None described. Risk is categorized as LOW/INFO because the skill lacks high-privilege sinks like arbitrary execution or network exfiltration of ingested data.
- [SAFE] (INFO): No direct malicious patterns, obfuscation, or credential theft detected. API keys are handled via environment variables with clear placeholders.
Audit Metadata