analyzing-mlflow-session

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the mlflow CLI and jq utility within bash scripts (scripts/discover_schema.sh and scripts/inspect_turn.sh) to perform trace analysis.
  • [EXTERNAL_DOWNLOADS]: The mlflow CLI commands fetch session and trace data from a remote MLflow tracking server.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it processes and analyzes multi-turn chat logs retrieved from an external MLflow server. These logs contain untrusted user and assistant content that could contain instructions designed to manipulate the agent's behavior during analysis.
  • Ingestion points: Data is ingested via mlflow traces search and mlflow traces get commands and stored in local JSON files.
  • Boundary markers: None present; the agent is instructed to read and process JSON fields directly.
  • Capability inventory: Shell execution (mlflow, jq, cat, etc.) and file system access.
  • Sanitization: No sanitization of trace attributes, inputs, or outputs is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 06:02 AM