langgraph
Fail
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The calculator tool in the Basic Agent Graph pattern calls the Python eval() function on an expression string derived from the LLM's interpretation of user input. This is inherently dangerous: it allows arbitrary code execution if a malicious user supplies a crafted prompt to the agent.
- [COMMAND_EXECUTION]: Because the calculator tool passes the expression to eval(), an attacker can execute operating system commands by injecting payloads that import the os or subprocess modules.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing untrusted user data without sufficient sanitization.
  1. Ingestion points: User queries enter the graph via AgentState messages in SKILL.md.
  2. Boundary markers: Absent from the example code provided.
  3. Capability inventory: The calculator tool in SKILL.md executes eval().
  4. Sanitization: No validation or sandboxing is applied to the mathematical expressions before evaluation.
Recommendations
- AI detected serious security threats
Audit Metadata