Security Practices
Skills Trace is designed from the ground up to be safe for production AI infrastructure. Our detection engine is read-only, async, and never touches your prompt content.
Core Principles
Read-Only Prompt Inspection
Skills Trace never modifies, blocks, or alters prompts or LLM requests. The detection engine operates in a strictly read-only mode, inspecting payloads only to identify skill fingerprints.
No Prompt Content Logging
Only skill identity metadata is emitted — skill ID, version, detection method, and confidence score. Prompt content, user messages, and LLM responses are never captured or stored.
Registry as Trusted Input
Fingerprint registries define which skills to detect. In production, registries should be signed and verified to prevent tampering. Skills Trace validates registry integrity at load time.
Encrypted Telemetry Transport
All telemetry data in transit is encrypted using TLS. The HTTP emitter supports bearer token authentication. ClickHouse Cloud connections use HTTPS with certificate verification.
Read-Only Data Flow
Skills Trace sits in the request path but never modifies it. Here is how data flows through the detection pipeline:
1. LLM Request: the AI agent sends a request through your gateway.
2. Read-Only Scan: Skills Trace inspects the payload for fingerprints (no mutation).
3. Metadata Emit: only skill identity metadata is emitted, asynchronously.
4. Pass Through: the original request continues to the LLM unmodified.
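The following is an added illustration of the two properties described above (registry integrity checked at load time, and a read-only scan that emits metadata only); it is example code written for this page, not Skills Trace's own implementation. The registry format, the HMAC standing in for a registry signature, and the sample fingerprints are all constructed for the example.

```python
import hashlib
import hmac
import json
import re

# Constructed sample registry (illustrative format, not Skills Trace's real schema).
REGISTRY_JSON = json.dumps({
    "skills": [
        {"skill_id": "web-search", "version": "1.2.0",
         "pattern": r"tool_name:\s*web_search", "method": "regex", "confidence": 0.9},
        {"skill_id": "code-exec", "version": "0.4.1",
         "pattern": r"\bexecute_python\b", "method": "regex", "confidence": 0.8},
    ]
})
# An HMAC over the registry bytes stands in for a publisher signature; key is constructed.
REGISTRY_KEY = b"constructed-registry-key-for-this-example"
REGISTRY_SIG = hmac.new(REGISTRY_KEY, REGISTRY_JSON.encode(), hashlib.sha256).hexdigest()
# The only fields a detection event may carry; prompt text is never among them.
ALLOWED_FIELDS = frozenset({"tenant_id", "skill_id", "version", "detection_method", "confidence"})


def load_registry(raw: str, sig: str, key: bytes) -> list:
    """Verify registry integrity before trusting its fingerprints (load-time check)."""
    expected = hmac.new(key, raw.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("registry integrity check failed; refusing to load")
    return [(s, re.compile(s["pattern"])) for s in json.loads(raw)["skills"]]


def scan(payload: dict, registry: list, tenant_id: str) -> tuple:
    """Read-only inspection: returns the very same payload object, untouched, plus a
    list of metadata-only events. No message content is copied into the events."""
    text = json.dumps(payload)  # serialise a view for matching; the payload is never mutated
    events = []
    for skill, pat in registry:
        if pat.search(text):
            events.append({
                "tenant_id": tenant_id,          # every event is tenant-scoped
                "skill_id": skill["skill_id"],
                "version": skill["version"],
                "detection_method": skill["method"],
                "confidence": skill["confidence"],
            })
    return payload, events


def metadata_only(events: list) -> bool:
    """True when every emitted event carries exactly the allowed metadata keys."""
    return all(set(e) == ALLOWED_FIELDS for e in events)
```

In a gateway the events would be handed to an async emitter while the unchanged payload is forwarded; the `metadata_only` check is the kind of invariant worth asserting in tests so a future field addition cannot quietly start logging prompt content.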
Tenant Isolation
All telemetry data is scoped by tenant identifier. The ClickHouse primary key starts with tenant_id, ensuring optimal partition pruning and strict data isolation between organizations.
API authentication is required for all telemetry ingestion and query endpoints. Rate limiting is enforced per tenant to prevent abuse and ensure fair resource allocation.
Responsible Disclosure
Found a security vulnerability? Please report it responsibly. We take all security reports seriously and will respond promptly.