tracekit-distributed-tracing
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional, providing guidance on implementing distributed tracing using the TraceKit SDKs.
- [EXTERNAL_DOWNLOADS]: The skill references several TraceKit SDK packages across various ecosystems (Node.js, Go, Python, PHP, Java, .NET, Ruby). These packages follow the vendor's established naming patterns and originate from the author's namespace. These are documented as legitimate vendor resources.
- [CREDENTIALS_UNSAFE]: The skill includes a non-negotiable rule explicitly forbidding the hardcoding of API keys and mandates the use of environment variables (e.g.,
TRACEKIT_API_KEY). - [PROMPT_INJECTION]: No malicious instructions, bypass attempts, or safety filter overrides were detected in the prompt text or metadata.
- [DATA_EXFILTRATION]: Network operations are restricted to the official vendor domain (app.tracekit.dev) and the user's own configured backends. The skill also enforces the configuration of
tracePropagationTargetsto prevent leaking trace context to third-party services.
Audit Metadata