tracing
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official 'langwatch' library for Python and TypeScript using standard package managers (npm, pip). These are legitimate vendor resources provided by the skill author.
- [PROMPT_INJECTION]: The skill instructs the agent to read the full codebase and git history, including commit messages, to identify where to add tracing. This ingestion of untrusted external content, paired with the agent's ability to modify files and install packages, creates an attack surface for indirect prompt injection. * Ingestion points: Full codebase and git history (SKILL.md). * Boundary markers: Absent; no instructions are provided to the agent to distinguish between code and embedded malicious instructions. * Capability inventory: File system modification, package installation, and MCP tool usage. * Sanitization: Absent; no validation or filtering of the ingested data is performed.
Audit Metadata