langfuse
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill document serves as a guide for developers to implement and debug LLM observability.
- [EXTERNAL_DOWNLOADS]: References official SDKs from Langfuse (@langfuse/tracing, @langfuse/otel) and targets the official Langfuse cloud API. These are well-known and trusted observability services.
- [COMMAND_EXECUTION]: Includes example CLI commands for debugging and secret retrieval. These commands (curl, jq, secrets lease) are intended for manual operator use and do not involve untrusted input or hidden execution.
- [CREDENTIALS_UNSAFE]: Mentions API keys associated with Langfuse. The examples provided use truncated or redacted strings (e.g., pk-lf-cb8b...), and the skill correctly points to an internal vault ('agent-secrets') for production usage.
Audit Metadata