langsmith-fetch
Fail
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill recommends displaying sensitive environment variables via echo $LANGSMITH_API_KEY, exposing credentials in terminal history and session logs. It also suggests storing keys in plain text within shell configuration files.
- [COMMAND_EXECUTION]: The skill instructs the agent to modify the user's shell profile by appending export commands to ~/.bashrc. This is a persistence mechanism that ensures environment variables are loaded in every new session, but it can also be leveraged to execute arbitrary code at startup.
- [PROMPT_INJECTION]: The skill processes trace data from LangSmith that may contain untrusted inputs, creating an indirect prompt injection surface.
  Ingestion points: The skill fetches JSON data from the LangSmith API using the langsmith-fetch CLI tool.
  Boundary markers: There are no markers or isolation instructions to separate fetched data from the agent's logic.
  Capability inventory: The skill executes various system commands including grep, mkdir, and pip install.
  Sanitization: There is no evidence of validation or escaping of the data retrieved from LangSmith traces before it is processed or presented to the user.
Recommendations
- AI detected serious security threats
Audit Metadata