arize-instrumentation
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of official Arize and OpenTelemetry packages using standard managers like pip and npm, as well as the Arize Tracing Assistant via uvx from the official Arize repository.
- [COMMAND_EXECUTION]: Utilizes the Arize CLI (ax) for profile management and verification of instrumentation, which is part of the intended developer workflow.
- [DATA_EXFILTRATION]: Traces are sent to Arize's official endpoints (otlp.arize.com), which is the intended functionality of the skill for observability.
- [PROMPT_INJECTION]: The skill analyzes codebase manifests and imports to determine instrumentation needs. This serves as an ingestion point for untrusted data, although it is evaluated as safe within the context of developer tools.
  - Ingestion points: SKILL.md Phase 1 analysis of project manifests (requirements.txt, package.json, etc.) and source files.
  - Boundary markers: No specific delimiters or "ignore instructions" markers are used during the code analysis process.
  - Capability inventory: The skill has the capability to install packages, create files, and modify application source code during Phase 2.
  - Sanitization: No explicit sanitization of codebase content is performed during analysis.
Audit Metadata