langfuse

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill demonstrates secure credential handling by using string placeholders ('pk-...', 'sk-...') for Langfuse API keys in its code snippets.- [PROMPT_INJECTION]: The skill processes untrusted user inputs and LLM responses for logging purposes (e.g., in sub-skills/basic-tracing-setup.md and sub-skills/openai-integration.md). This creates a surface for indirect prompt injection. However, the skill lacks dangerous capabilities such as file writing, shell command execution, or network exfiltration to unknown domains, making the surface non-exploitable within the context of this skill.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 08:47 PM
Security Audit — agent-trust-hub — langfuse