skills/akillness/oh-my-skills/opik/Gen Agent Trust Hub

opik

Fail

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the Opik platform source code from its official GitHub repository (comet-ml/opik).
  • [EXTERNAL_DOWNLOADS]: Includes instructions and error messages pointing to the official installer for the uv package manager on the astral.sh domain.
  • [REMOTE_CODE_EXECUTION]: Provides a shell command pattern for installing the uv tool by piping a remote script to sh.
  • [COMMAND_EXECUTION]: Executes the local opik.sh script to manage Docker Compose services for self-hosted server deployments.
  • [PROMPT_INJECTION]: The skill is designed to process untrusted LLM outputs and traces, which presents a surface for indirect prompt injection attacks.
  • Ingestion points: Python SDK decorators and framework integrations ingest live traffic and trace data from LLM applications.
  • Boundary markers: No explicit delimiters or ignore-instructions are implemented in the skill's data processing logic.
  • Capability inventory: The skill environment is granted Bash and WebFetch tool permissions.
  • Sanitization: Trace data is aggregated and analyzed without explicit sanitization or filtering within the skill wrapper.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 17, 2026, 06:19 AM
Security Audit — agent-trust-hub — opik