arize-prompt-optimization

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill demonstrates excellent security posture by providing explicit negative instructions regarding credential handling. It forbids the agent from reading .env files, searching the filesystem for secrets, or asking users to paste API keys into the chat, directing them instead to secure environment variables or the official Arize CLI profile management system.
  • [SAFE]: External dependencies and tools, such as the arize-ax-cli, are official resources from the vendor (Arize) and are necessary for the skill's primary function of prompt optimization and observability.
  • [SAFE]: While the skill processes untrusted trace data (spans and annotations), it mitigates the risk of indirect prompt injection by providing a structured 'Optimization Meta-Prompt' template. This template uses clear boundary markers (e.g., ORIGINAL BASELINE PROMPT, PERFORMANCE DATA) and explicit instructions to focus on failures without blindly following instructions embedded within the processed data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 26, 2026, 10:07 AM
Security Audit — agent-trust-hub — arize-prompt-optimization