langfuse-api
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill fetches documentation from 'https://api.reference.langfuse.com' and an OpenAPI spec from 'https://cloud.langfuse.com'. While these are legitimate service domains, dynamic fetching of instructional content introduces a dependency on external content integrity.
- [COMMAND_EXECUTION] (LOW): Employs 'curl' to perform REST API operations. The skill explicitly instructs the agent to check credentials using 'echo' and interpolate them into shell commands, which may expose secrets in local execution logs.
- [INDIRECT_PROMPT_INJECTION] (LOW):
- Ingestion points: API reference URL and OpenAPI YAML file.
- Boundary markers: None present; the agent is instructed to 'Always fetch fresh docs' and 'Look for the specific endpoint'.
- Capability inventory: Shell command execution via 'curl'.
- Sanitization: None; the agent relies on the external schema to structure its subsequent shell commands.
Audit Metadata