phoenix-observability

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill installs and uses the official 'arize-phoenix' packages and 'openinference' instrumentation libraries from the official Arize AI ecosystem. These are well-known and standard tools for LLM observability.
  • [SAFE]: Sensitive configurations such as database connection strings and JWT secrets are managed through environment variables (e.g., PHOENIX_SQL_DATABASE_URL, PHOENIX_SECRET). This follows standard security practices for self-hosted observability platforms.
  • [SAFE]: The skill documents an indirect prompt injection surface (Category 8) within its evaluation framework. Untrusted data from LLM traces is ingested via 'client.get_spans_dataframe' and interpolated into prompt templates for LLM-based judging (e.g., 'CUSTOM_EVAL_TEMPLATE' in 'references/advanced-usage.md'). While these templates lack explicit boundary markers or sanitization logic, this is the inherent and intended functionality of an evaluation platform. Users should ensure that evaluation models have limited capabilities and follow prompt engineering best practices when analyzing untrusted inputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 12:55 AM
Security Audit — agent-trust-hub — phoenix-observability