langgraph
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: In SKILL.md, a code example for a custom calculator tool uses the Python
eval()function to process input strings. Although marked as a simplified example, usingeval()on unsanitized strings is an unsafe practice that can lead to arbitrary code execution if the input is controlled by an untrusted source.\n- [PROMPT_INJECTION]: The skill documents multiple multi-agent workflow patterns that ingest untrusted user data without explicit sanitization or boundary markers, which represents a potential surface for indirect prompt injection.\n - Ingestion points: User inputs enter the agent context through state fields such as
user_inputandcustomer_queryas described in SKILL.md.\n - Boundary markers: The provided prompt templates in the examples lack clear delimiters or specific instructions to the model to ignore instructions embedded within the user-provided data.\n
- Capability inventory: The documented workflows possess capabilities that could be abused if compromised, including web search tools and mathematical execution.\n
- Sanitization: The provided architectural examples do not include validation or sanitization logic, leaving the responsibility of securing the input entirely to the user.
Audit Metadata