The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (MEDIUM): The skill's primary tool uses npx tsx to execute the TypeScript logic.\n
Evidence: SKILL.md defines the tool command as npx tsx *scripts/langfuse-session-view.ts*.\n
Impact: npx downloads the tsx package from the npm registry at runtime if it is not cached, introducing a dependency on an external package registry.\n- [DATA_EXFILTRATION] (LOW): The script connects to the external Langfuse API to retrieve session and trace data.\n
Evidence: fetch calls in scripts/langfuse-session-view.ts target LANGFUSE_HOST (default: https://us.cloud.langfuse.com).\n
Impact: API keys and session data are transmitted to the Langfuse service. This is required for functionality but involves external network operations.\n- [COMMAND_EXECUTION] (LOW): The tool is invoked via a shell command.\n
Evidence: allowed-tools section in SKILL.md.\n
Impact: Requires the agent to have shell execution privileges to run bash and npx.\n- [PROMPT_INJECTION] (LOW): The skill ingests untrusted data from an external source (Langfuse traces) and displays it to the agent.\n
Ingestion points: tracesResponse.json() in scripts/langfuse-session-view.ts.\n
Boundary markers: Absent; data is printed directly to console output without delimiters.\n
Capability inventory: The skill has read and display capabilities only; it does not perform file writes or execute further system commands based on ingested data.\n
Sanitization: Input parameters like sessionId are sanitized using encodeURIComponent.\n
Impact: An attacker who can control trace names or content within the Langfuse environment could attempt to influence the agent's behavior via the displayed output (Indirect Prompt Injection), though the risk is limited by the skill's narrow capability scope.

langfuse-session-view