tracekit-ruby-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the
tracekitgem from a Ruby package registry, which is the standard method for SDK integration. - [CREDENTIALS_UNSAFE]: The documentation emphasizes security best practices by explicitly warning against hardcoding API keys and providing instructions for using environment variables (
TRACEKIT_API_KEY) and secret managers. - [DATA_EXFILTRATION]: The SDK is configured to transmit tracing and monitoring data to the vendor's official backend at
app.tracekit.dev. This is expected behavior for an Application Performance Monitoring (APM) tool. - [SAFE]: No malicious patterns such as obfuscation, command injection, or privilege escalation were identified. The logic used for framework detection and SDK initialization is consistent with standard Ruby development patterns.
Audit Metadata