phoenix-release-notes

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) to list and view releases and standard Unix utilities (ls, grep, mkdir, cat) to manage local documentation files and navigate the repository structure.
  • [DATA_EXFILTRATION]: The skill reads documentation and package configuration files and pushes updates to GitHub releases via the gh release edit command as part of its intended workflow.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from GitHub release bodies and repository source code (Step 2 and Step 7) to generate documentation.
    • Ingestion points: External data is fetched from GitHub via gh release view and local source code is read from directories such as src/phoenix/server/api/ and packages/phoenix-client/.
    • Boundary markers: The skill does not employ specific delimiters or "ignore instructions" markers when processing the ingested code or release descriptions.
    • Capability inventory: The agent possesses the capability to write to the local filesystem (docs/) and update remote GitHub releases (gh release edit).
    • Sanitization: The workflow does not include explicit validation or sanitization of the fetched external data before it is incorporated into the documentation or release updates.
Audit Metadata
Risk Level: SAFE
Analyzed: May 3, 2026, 02:51 PM