LLM Tracing and Observability Setup
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill configures applications to send trace data, including prompt content, model responses, and metadata, to external observability backends (cloud.langfuse.com, oai.helicone.ai). These are well-known services used for LLM operations and debugging.
- [EXTERNAL_DOWNLOADS]: Instructions include the installation of the langfuse package from public registries, which is the standard library for the associated observability service.
- [PROMPT_INJECTION]: The provided implementation examples demonstrate passing unvalidated user input directly into LLM chain invocations and API calls (e.g., user_query, user_input). This pattern identifies a surface for indirect prompt injection where malicious instructions embedded in user data could influence the behavior of the instrumented model.
  - Ingestion points: generate_response and chain.invoke calls in SKILL.md accept raw string inputs.
  - Boundary markers: Absent in the provided code snippets.
  - Capability inventory: Instrumented functions perform network operations via LLM providers (OpenAI) and observability APIs.
  - Sanitization: No sanitization or input validation logic is included in the configuration templates.
Audit Metadata