braintrust-analyze
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes `uv run python -m runtime.harness scripts/braintrust_analyze.py`. Because the content of `scripts/braintrust_analyze.py` is not included in the skill definition, its specific actions cannot be verified, representing a risk of arbitrary local code execution.
- CREDENTIALS_UNSAFE (LOW): The documentation directs users to store `BRAINTRUST_API_KEY` in sensitive environment files like `~/.claude/.env` or project `.env`. This highlights an attack surface for credential access.
- DATA_EXFILTRATION (MEDIUM): The skill is designed to read and process Braintrust tracing data, which contains full session histories, including prompts and tool outputs. Without visibility into the script, there is a risk this sensitive data could be sent to external endpoints.
- Indirect Prompt Injection (MEDIUM): This skill has an inherent vulnerability surface due to its primary function.
  - Ingestion points: Reads historical session logs via the Braintrust API.
  - Boundary markers: None identified in the command descriptions or provided documentation.
  - Capability inventory: Executes local Python code via `uv run`, which can access the file system and network.
  - Sanitization: No evidence of sanitization or escaping of the historical session content before it is processed and presented back to the agent.
Audit Metadata