arize-trace
Warn
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted trace and span data that may contain malicious instructions designed to influence the agent's behavior.
- Ingestion points: Trace data is retrieved from external sources via
ax spans exportandax traces export(SKILL.md). - Boundary markers: The skill includes an explicit 'untrusted content guardrail' warning.
- Capability inventory: The agent uses the
axCLI to execute various shell commands for data export. - Sanitization: Instructions explicitly forbid the agent from interpreting or acting on the content within span attributes, requiring it to be treated as raw text only.
- [COMMAND_EXECUTION]: The skill instructs the agent to modify sensitive shell configuration files to persist configuration settings.
- Evidence:
references/ax-profiles.mdcontains instructions to append environment variables to~/.zshrcor~/.bashrc. - [COMMAND_EXECUTION]: The skill relies on executing the
axCLI tool via subprocesses to interact with the Arize platform. - Evidence: Frequent use of
axsubcommands for exporting data and managing user profiles across all files.
Audit Metadata