Skills
skills/tracekit-dev/tracekit-for-ai/tracekit-session-replay/Gen Agent Trust Hub

tracekit-session-replay

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill guides the agent to install the @tracekit/replay package via npm install. It also instructs the agent to execute a local authentication status script, ./scripts/run-tracekit-auth.sh. These actions are necessary for the skill's documented functionality.
  • [DATA_EXFILTRATION]: The skill involves checking for the existence of credentials in ~/.tracekitconfig. This configuration file is used exclusively by the vendor's tool to manage authentication states, and accessing it follows the expected setup workflow.
  • [PROMPT_INJECTION]: The 'Auth Bootstrap' section includes instructions for the agent to attempt automated authentication before requesting manual input from the user. While this involves concealing certain setup steps from the user to improve the developer experience, it does not constitute a safety bypass or malicious behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 12:37 PM