retrieving-mlflow-traces
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill includes a WebFetch call to mlflow.org to retrieve filter syntax documentation. This is a trusted official source for the MLflow project.
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the mlflow command-line interface and standard shell arithmetic/utilities (date) for timestamp calculations. These operations are within the expected scope of a tool designed for MLflow trace management.
- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials and no access to sensitive files or data (such as SSH keys or environment variables) were detected.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests data from external command outputs (mlflow traces) and external documentation (mlflow.org). This constitutes an attack surface, but the risk is categorized as low because it is standard behavior for tools that process external data.
Audit Metadata