langgraph-multiagent
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its core functionality of fetching and processing external documentation from the web.
  - Ingestion points: `scripts/crawl_docs.py` and `assets/templates/python/agentic_rag_docs_fetch.py` fetch external HTML and Markdown content for agent processing.
  - Boundary markers: The fetching mechanisms do not wrap external content in clear delimiters or include system instructions to ignore embedded directives in the retrieved data.
  - Capability inventory: The skill includes file writing (`scripts/crawl_docs.py`), repository analysis (`scripts/audit_repo_agents.py`), and network retrieval tools.
  - Sanitization: The skill employs allowlists and prefix checks (e.g., `ALLOWED_PREFIXES` in `agentic_rag_docs_fetch.py`) to restrict network requests to official documentation domains.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to fetch documentation metadata and content.
  - `scripts/crawl_docs.py` and `scripts/fetch_llms_txt_urls.py` target `langchain-ai.github.io` and `docs.langchain.com` to seed its documentation cache.
  - These downloads target well-known, official service domains relevant to the skill's purpose.
- [COMMAND_EXECUTION]: Several utility scripts execute system commands to perform analysis and snapshot library internals.
  - `scripts/opensrc_snapshot.py` uses `subprocess.run` to execute `npx opensrc` for downloading and inspecting library source code.
  - `scripts/audit_repo_agents.py` executes the `rg` (ripgrep) utility to scan the local repository for deprecated patterns.
Audit Metadata