langfuse-observation-view
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (Category 8) (MEDIUM): The skill ingests untrusted data from the Langfuse API (previous LLM inputs and outputs) and presents them to the agent without sanitization or clear boundary markers. This creates an attack surface where an attacker who previously interacted with the logged system could influence the agent's future actions or reasoning when these logs are viewed.
- Ingestion points: scripts/langfuse-observation-view.ts (JSON response from Langfuse API).
- Boundary markers: Absent. The input and output fields are printed as raw text or JSON.
- Capability inventory: Restricted to standard output (console log). No file system or network write operations detected.
- Sanitization: Absent. No filtering of the API content is performed.
- Data Exposure (Category 2) (LOW): The skill accesses sensitive Langfuse API keys via environment variables. While not hardcoded, the script's purpose involves handling these credentials to access observability data.
Audit Metadata