braintrust-analyze
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill documentation instructs the agent to read sensitive environment files (~/.claude/.env and .env) to retrieve API keys. Accessing files like .env, which commonly contain multiple secrets, is a high-risk pattern for credential exposure.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests traces and spans from the Braintrust API, which contain data from past sessions, including potentially malicious user or tool content.
  * Ingestion points: Braintrust API session traces and spans.
  * Boundary markers: Absent; no delimitation is used for trace data.
  * Capability inventory: Bash execution capability via uv run.
  * Sanitization: Absent; no filtering of ingested trace content is described.
- [COMMAND_EXECUTION] (MEDIUM): The skill executes local Python scripts using the uv package manager and Bash. This relies on the security of the script scripts/braintrust_analyze.py and its environment.
- [DATA_EXFILTRATION] (LOW): The skill connects to the Braintrust API, which is not a whitelisted trusted source. While required for the skill's function, it constitutes external data transmission.
Recommendations
- AI detected serious security threats
Audit Metadata