opik-optimizer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill references the
opik-optimizerPython package and thecomet-ml/opikGitHub repository. These are legitimate resources for the Opik observability platform. - [CREDENTIALS_UNSAFE] (SAFE): Code examples for MCP tool configuration use placeholders (e.g.,
YOUR_API_KEY) for sensitive authentication tokens. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill identifies a surface for indirect prompt injection as it processes external datasets for optimization. 1. Ingestion points: Datasets loaded via
opik_optimizer.datasetsor user-provided variables inoptimize_prompt(SKILL.md). 2. Boundary markers: Absent; uses standard{placeholder}interpolation in templates. 3. Capability inventory: Tool-calling execution and iterative LLM meta-prompting (references/prompt_agent_workflow.md). 4. Sanitization: Absent; the skill assumes data is evaluated against user-defined metrics. - [PROMPT_INJECTION] (SAFE): No instructions designed to bypass agent safety filters or override system constraints were detected.
Audit Metadata