langfuse
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill documents the use of Langfuse's prompt management features, which involve fetching prompt templates from a remote server and interpolating variables. This creates an indirect prompt injection surface.
- Ingestion points: Remote prompt templates fetched via
langfuse.get_prompt()inSKILL.md. - Boundary markers: Absent in the provided examples.
- Capability inventory: Orchestrates LLM generations via the
openailibrary as shown inSKILL.md. - Sanitization: No explicit sanitization or validation of the fetched prompt content or interpolation variables is demonstrated.
Audit Metadata