langgraph

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: In SKILL.md, a code example for a custom calculator tool uses the Python eval() function to process input strings. Although marked as a simplified example, using eval() on unsanitized strings is an unsafe practice that can lead to arbitrary code execution if the input is controlled by an untrusted source.\n- [PROMPT_INJECTION]: The skill documents multiple multi-agent workflow patterns that ingest untrusted user data without explicit sanitization or boundary markers, which represents a potential surface for indirect prompt injection.\n
  • Ingestion points: User inputs enter the agent context through state fields such as user_input and customer_query as described in SKILL.md.\n
  • Boundary markers: The provided prompt templates in the examples lack clear delimiters or specific instructions to the model to ignore instructions embedded within the user-provided data.\n
  • Capability inventory: The documented workflows possess capabilities that could be abused if compromised, including web search tools and mathematical execution.\n
  • Sanitization: The provided architectural examples do not include validation or sanitization logic, leaving the responsibility of securing the input entirely to the user.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 02:20 PM
Security Audit — agent-trust-hub — langgraph