LangGraph State Machine Designer
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists of instructional content for generating valid LangGraph code. It uses standard imports from well-known libraries such as langchain_core and langgraph, following legitimate programming practices for state machine design.
- [PROMPT_INJECTION]: The skill presents an ingestion surface for indirect prompt injection because it processes arbitrary natural language workflow descriptions from users. This risk is inherent to its primary function as a code generator.
- Ingestion points: User-provided descriptions (e.g., "Design a LangGraph agent that...") are ingested as the primary data source for graph generation in SKILL.md.
- Boundary markers: Absent. The instructions do not define delimiters or defensive instructions for the agent to use when interpreting user input.
- Capability inventory: The skill's scope is limited to code generation. The provided code templates for node functions and graph building do not include dangerous operations like shell command execution, file system writes outside of state updates, or network exfiltration.
- Sanitization: Absent. There is no mechanism described for sanitizing or validating user-provided descriptions before they are used to influence the agent's logic.
Audit Metadata