analyzing-mlflow-trace

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to analyze trace data from MLflow, which serves as an ingestion point for untrusted external content. Malicious data within the trace (e.g., in span attributes or assessment rationales) could influence the agent's logic if it is interpreted as instructions.
  • Ingestion points: External JSON data retrieved via mlflow traces get and stored in /tmp/trace.json (SKILL.md).
  • Boundary markers: No explicit boundary markers or 'ignore embedded instructions' directives are included for processing the trace content.
  • Capability inventory: Execution of shell commands through mlflow and jq (SKILL.md).
  • Sanitization: No sanitization or validation of the trace data is performed before analysis.
  • [COMMAND_EXECUTION]: The skill uses the mlflow and jq command-line utilities to perform its core tasks. This is standard behavior for the intended use case but involves executing shell commands with user-supplied parameters (trace IDs).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 06:03 AM