dspy-langtrace

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill uses the official langtrace-python-sdk and refers to the verified GitHub repository Scale3-Labs/langtrace for self-hosted setup. Documentation examples use dummy placeholders for API keys ("your-key") and database credentials ("secret").
  • [COMMAND_EXECUTION]: The skill includes standard commands for library installation (pip install) and service deployment (docker compose), which are appropriate for its functional scope.
  • [PROMPT_INJECTION]: The skill processes external data (user questions) within its DSPy modules. This represents an indirect prompt injection surface, but it is considered safe here as the skill lacks exploitable capabilities.
    • Ingestion points: question input in SupportBot and RAGPipeline (SKILL.md, examples.md).
    • Boundary markers: Not used in provided examples.
    • Capability inventory: No dangerous functions (exec, eval, system calls) are present.
    • Sanitization: None observed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 09:16 PM