langsmith-fetch
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill instructs users to install an external package 'langsmith-fetch' using pip. It references a repository 'github.com/langchain-ai/langsmith-fetch' which appears to be a well-known organization, though the package itself is not the official LangSmith SDK.
- [PERSISTENCE_MECHANISMS]: The troubleshooting section suggests appending sensitive environment variables ('LANGSMITH_API_KEY') to shell configuration files ('~/.bashrc' or '~/.zshrc'). While common for developer tools, this persists credentials in the shell environment.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Setup verification steps include commands to 'echo' the 'LANGSMITH_API_KEY' to the terminal, which exposes the secret in the console output and history.
- [INDIRECT_PROMPT_INJECTION]: The skill processes execution traces containing untrusted agent interaction data, creating a potential injection surface.
  - Ingestion points: Commands like 'langsmith-fetch traces' and 'langsmith-fetch trace ' retrieve data from an external service into the agent context.
  - Boundary markers: None identified; trace data is processed directly by the agent without delimiters.
  - Capability inventory: Includes shell command execution ('langsmith-fetch', 'grep') and file system operations ('mkdir', redirection).
  - Sanitization: No explicit sanitization or validation of the fetched trace data is performed before analysis.
- [METADATA_POISONING]: The resources section links to a repository 'github.com/langchain-ai/langsmith-fetch'. This repository does not appear to be an official LangChain repository, potentially misleading users about the tool's origin.
Audit Metadata