Skills
skills/arize-ai/phoenix/phoenix-pr-screenshot/Gen Agent Trust Hub

phoenix-pr-screenshot

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple CLI tools including pnpm, uv, gsutil, and gh to build assets, run the backend server, and interact with cloud storage and GitHub. These are standard operations for a local development workflow.
  • [EXTERNAL_DOWNLOADS]: The skill performs pnpm install which fetches packages from the public NPM registry. This is a routine part of building the application frontend.
  • [PROMPT_INJECTION]: The skill ingest data from GitHub PR bodies via the gh pr view command, creating a surface for indirect prompt injection. 1. Ingestion points: Pull request description. 2. Boundary markers: Absent. 3. Capability inventory: Local command execution, package installation, and GitHub API modification. 4. Sanitization: No sanitization of the PR body content is performed.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 01:35 AM