langgraph-human-in-the-loop
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- Untrusted Data Ingestion Surface: The skill describes the use of the `interrupt()` function to pause graph execution and wait for human input. This creates a surface where external data enters the agent's context.
- Ingestion points: Data enters the graph through the return value of `interrupt()` and the `Command(resume=...)` input in `SKILL.md`.
- Boundary markers: The examples use prompt strings (e.g., "Do you approve this action?") to provide context to the user.
- Capability inventory: The skill enables routing logic and state updates based on the received input, which controls the agent's subsequent actions.
- Sanitization: The skill proactively includes a 'Validation Loop' section that demonstrates how to implement input validation (e.g., type checking and range validation) before the graph proceeds, which is a recommended security practice.
- Idempotency and Side Effect Management: The skill provides detailed guidance on 'Idempotent Patterns,' specifically warning against performing non-idempotent operations (like database inserts) before an interrupt. This is a robust design pattern that prevents duplicate actions if a node is re-executed upon resumption.
Audit Metadata