instrument
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard development tool for adding tracing and observability to Python and TypeScript projects. All operations described are consistent with its stated purpose of instrumenting code for Opik.
- [COMMAND_EXECUTION]: The skill uses tools like Grep, Glob, and Bash to discover project structure and frameworks. While it provides commands for package installation (npm/pip), it explicitly instructs the agent to print these commands for the user rather than executing them automatically, maintaining user control.
- [CREDENTIALS_UNSAFE]: The skill manages the OPIK_API_KEY and other configuration by recommending storage in .env files or the tool-specific ~/.opik.config file. This aligns with standard developer workflows for local secret management and does not involve hardcoding or exfiltrating credentials.
- [EXTERNAL_DOWNLOADS]: The skill references official packages from the vendor (opik, opik-openai, etc.) hosted on standard registries like PyPI and NPM. These are recognized as legitimate dependencies for the Opik platform.
Audit Metadata