tracekit-python-sdk

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill includes instructions for the agent to prioritize an automated authentication flow over manual user steps (e.g., 'Do not tell the user to go sign up... separately'). While this directs the agent to suppress certain procedural information, it is a UX-focused instruction aimed at bootstrapping the TraceKit environment and does not attempt to bypass safety filters or core instructions.
  • [DATA_EXFILTRATION]: The skill accesses authentication data from the local file system ('~/.tracekitconfig') and environment variables ('TRACEKIT_API_KEY'). This data is utilized to initialize the TraceKit SDK, which communicates with the vendor's backend ('app.tracekit.dev'). This behavior is consistent with the intended purpose of an Application Performance Monitoring (APM) tool and targets vendor-owned infrastructure.
  • [EXTERNAL_DOWNLOADS]: The skill installs the 'tracekit-apm' package from the public registry and references a local script './scripts/run-tracekit-auth.sh' for status checks. The package is the official SDK for the service being configured by the skill.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by analyzing local project files (e.g., 'requirements.txt', 'pyproject.toml') to determine the application framework.
      • Ingestion points: Reads local project files ('requirements.txt', 'pyproject.toml', 'Pipfile') to detect project structure.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded directives are used when processing these files.
      • Capability inventory: The skill has the capability to execute shell commands ('pip install', 'curl') and modify application code.
      • Sanitization: No evidence of sanitization or validation of the contents of the ingested project files.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 12:37 PM