instrument

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a standard development tool for adding tracing and observability to Python and TypeScript projects. All operations described are consistent with its stated purpose of instrumenting code for Opik.
  • [COMMAND_EXECUTION]: The skill uses tools like Grep, Glob, and Bash to discover project structure and frameworks. While it provides commands for package installation (npm/pip), it explicitly instructs the agent to print these commands for the user rather than executing them automatically, maintaining user control.
  • [CREDENTIALS_UNSAFE]: The skill manages the OPIK_API_KEY and other configuration by recommending storage in .env files or the tool-specific ~/.opik.config file. This aligns with standard developer workflows for local secret management and does not involve hardcoding or exfiltrating credentials.
  • [EXTERNAL_DOWNLOADS]: The skill references official packages from the vendor (opik, opik-openai, etc.) hosted on standard registries like PyPI and NPM. These are recognized as legitimate dependencies for the Opik platform.
Audit Metadata
Risk Level
SAFE
Analyzed
May 29, 2026, 08:46 PM
Security Audit — agent-trust-hub — instrument