helicone-observability

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill documentation references a sensitive local file path at ~/.secrets for storing the HELICONE_API_KEY. Accessing or encouraging the use of hidden secret files increases the risk of credential exposure if the environment is misconfigured or compromised.
  • [PROMPT_INJECTION]: The skill implements patterns for interpolating dynamic, untrusted data (such as userId and conversationId) directly into HTTP headers like Helicone-User-Id and Helicone-Session-Id. This creates a surface for indirect prompt injection or data poisoning of the observability dashboard.
  • Ingestion points: Dynamic headers in the streamText and createAnthropic code blocks within SKILL.md.
  • Boundary markers: None are present to delimit user-provided identifiers within the header strings.
  • Capability inventory: The skill facilitates HTTPS network requests to Helicone's proxy gateways (anthropic.helicone.ai, oai.helicone.ai, gateway.helicone.ai).
  • Sanitization: No sanitization or validation of the dynamic variables is performed before they are inserted into the request headers.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 02:26 PM