langsmith-fetch
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands using the langsmith-fetch CLI tool to retrieve traces, threads, and configuration data as part of its core debugging workflows.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the langsmith-fetch package from PyPI and references the langchain-ai repository for the CLI tool; it also provides instructions for downloading the skill definition directly from GitHub.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and analyzes execution traces from LangSmith, which may contain attacker-controlled content from external agent interactions.
  * Ingestion points: Execution traces fetched via langsmith-fetch in SKILL.md.
  * Boundary markers: Absent; the agent is instructed to analyze the data directly without delimiters.
  * Capability inventory: The skill can execute shell commands, create directories, and write to files.
  * Sanitization: None; fetched trace data is processed without validation or filtering.
- [DATA_EXFILTRATION]: The skill provides workflows to export debugging sessions containing potentially sensitive agent trace data to local directories, which could lead to unintended data exposure if the environment is shared.
Audit Metadata