phoenix-cli-development
Design and implementation guide for the Phoenix CLI (`px`). Covers the noun-verb command structure, dual-audience design (humans and coding agents), Commander.js patterns, configuration resolution, output formats, exit codes, and conventions for adding or modifying commands. Triggers when working on phoenix-cli commands — adding new commands, modifying existing ones, refactoring command structure, or reviewing CLI code. Also triggers on mentions of `px` commands, CLI design, or adding a new resource to the CLI.
91
88%
Does it follow best practices?
Impact
99%
2.25xAverage score across 3 eval scenarios
Risky
Do not use without reviewing
Security
1 high severity finding. You should review these findings carefully before considering using this skill.
W007: Insecure credential handling detected in skill instructions
What this means
The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.
Why it was flagged
Insecure credential handling detected (high risk: 1.00). The spec defines an --api-key CLI flag and includes apiKey in the options (and emphasizes CLI flags as the highest-priority config source), which encourages agents to supply API keys as literal command-line arguments and therefore to include secret values verbatim in generated commands—an exfiltration risk.
- Repository
- Arize-ai/phoenix
- Commit
924117e
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.