langfuse-prompt-migration
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Prompt Injection] (HIGH): The skill exhibits a significant Indirect Prompt Injection surface (Category 8). It directs the agent to ingest untrusted data from the local codebase without sanitization or boundary markers.
  - Ingestion points: Step 1 (Scanning codebase for prompts).
  - Boundary markers: Absent; the skill does not instruct the agent to ignore instructions found within the prompts.
  - Capability inventory: The agent has the authority to modify source code (Step 6) and make authenticated API calls to Langfuse (Step 5).
  - Sanitization: Absent. A malicious instruction hidden in a hardcoded string could hijack the agent's logic during the migration process.
- [Command Execution] (LOW): The skill requires the agent to execute shell commands (echo) to verify environment variables containing sensitive API keys.
- [External Downloads] (LOW): The skill fetches documentation and FAQ data from langfuse.com, which is an external, non-whitelisted domain.
Recommendations
- AI detected serious security threats
Audit Metadata