opik
Fail
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the Opik platform source code from its official GitHub repository (comet-ml/opik).
- [EXTERNAL_DOWNLOADS]: Includes instructions and error messages pointing to the official installer for the uv package manager on the astral.sh domain.
- [REMOTE_CODE_EXECUTION]: Provides a shell command pattern for installing the uv tool by piping a remote script to sh.
- [COMMAND_EXECUTION]: Executes the local opik.sh script to manage Docker Compose services for self-hosted server deployments.
- [PROMPT_INJECTION]: The skill is designed to process untrusted LLM outputs and traces, which presents a surface for indirect prompt injection attacks.
- Ingestion points: Python SDK decorators and framework integrations ingest live traffic and trace data from LLM applications.
- Boundary markers: No explicit delimiters or ignore-instructions are implemented in the skill's data processing logic.
- Capability inventory: The skill environment is granted Bash and WebFetch tool permissions.
- Sanitization: Trace data is aggregated and analyzed without explicit sanitization or filtering within the skill wrapper.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata