langfuse-trace-view
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected in the trace viewing functionality.
- Ingestion points: The script scripts/langfuse-trace-view.ts fetches trace data including 'input' and 'output' fields from the Langfuse API.
- Boundary markers: None. External trace content is printed directly to the console output without delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill is limited to fetching and displaying information; it does not have write access or the ability to execute commands based on the trace content.
- Sanitization: The script performs basic truncation of long JSON strings but does not sanitize the content for potential malicious instructions.
- [COMMAND_EXECUTION] (LOW): The skill executes a local TypeScript script using npx tsx. While this is a common execution pattern for Node.js-based AI agent skills, it relies on the execution of code within the local environment.
Audit Metadata