langgraph-development

Warn

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the unsafe eval() function in the calculator tool within scripts/demo_runner.py and inside the project templates defined in scripts/generate_template.py. This allows for arbitrary Python code execution if an AI agent processes malicious input and passes it to these tools.
  • [EXTERNAL_DOWNLOADS]: The scripts/setup_environment.py and scripts/quick_start.py scripts perform automated installation of multiple Python packages from PyPI using pip install. While the packages listed are standard libraries for AI development, the automated execution of installation commands from scripts is a significant capability.
  • [COMMAND_EXECUTION]: Central management scripts such as start.py, run.py, and scripts/launch_studio.py rely on the subprocess module to launch external tools, shell commands, and other Python scripts to provide the interactive learning environment.
  • [COMMAND_EXECUTION]: The scripts/test_agent.py script performs dynamic module loading using __import__ and getattr to load and execute agent graphs from paths provided at runtime.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 4, 2026, 03:14 PM