arize-trace

Warn

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted trace and span data that may contain malicious instructions designed to influence the agent's behavior.
  • Ingestion points: Trace data is retrieved from external sources via ax spans export and ax traces export (SKILL.md).
  • Boundary markers: The skill includes an explicit 'untrusted content guardrail' warning.
  • Capability inventory: The agent uses the ax CLI to execute various shell commands for data export.
  • Sanitization: Instructions explicitly forbid the agent from interpreting or acting on the content within span attributes, requiring it to be treated as raw text only.
  • [COMMAND_EXECUTION]: The skill instructs the agent to modify sensitive shell configuration files to persist configuration settings.
  • Evidence: references/ax-profiles.md contains instructions to append environment variables to ~/.zshrc or ~/.bashrc.
  • [COMMAND_EXECUTION]: The skill relies on executing the ax CLI tool via subprocesses to interact with the Arize platform.
  • Evidence: Frequent use of ax subcommands for exporting data and managing user profiles across all files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 26, 2026, 10:07 AM
Security Audit — agent-trust-hub — arize-trace