langtrace

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE (findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill provides example code for a RAG pipeline and an automated evaluation system that are susceptible to indirect prompt injection because their inputs are not sanitized.
    • Ingestion points: Untrusted data enters the context via the query parameter of the answer_question function and the test_set data of the evaluate_rag function.
    • Boundary markers: The provided prompt templates do not use delimiters or explicit instructions that would help the model distinguish instructions from external data.
    • Capability inventory: The examples show how to perform LLM calls and run automated evaluation logic over input data.
    • Sanitization: The provided snippets show no sanitization, escaping, or validation of external input.
  • [EXTERNAL_DOWNLOADS]: The documentation provides standard instructions for installing official project dependencies from public registries.
    • Fetches the official @langtrase/typescript-sdk package from the public NPM registry.
    • Installs the langtrace-python-sdk package from the public PyPI registry.
    • Provides a Docker command to pull and run the official langtrace/langtrace-client image from Docker Hub.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 24, 2026, 10:12 AM
Security Audit — agent-trust-hub — langtrace