langfuse-observability
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): Vulnerability to Indirect Prompt Injection via untrusted data ingestion.
- Ingestion points: The skill instructs the agent to 'Check the project' and 'Infer from code' (SKILL.md), requiring the agent to process external, potentially untrusted project files.
- Boundary markers: There are no explicit boundary markers or instructions to treat the analyzed code as untrusted, making the agent susceptible to instructions embedded within the code's comments or strings.
- Capability inventory: The skill's primary function is to audit and modify application code (file read/write access), which could be manipulated if malicious code is analyzed.
- Sanitization: The skill lacks sanitization mechanisms for the ingested data before it is used for decision-making or code generation.
Recommendations
- AI detected serious security threats
Audit Metadata