langgraph-agents

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing necessary agentic frameworks and dependencies using standard package managers (pip). It also references the use of Model Context Protocol (MCP) servers downloaded via npx from reputable organizations, such as Anthropic. These downloads are documented neutrally as they are part of the intended system configuration and originate from well-known technology entities.
  • [COMMAND_EXECUTION]: Within the Deep Agents framework reference, the skill identifies an execute_command tool. The documentation explicitly classifies this as a high-risk capability and provides robust security patterns to mitigate risk, including sandboxed execution environments, declarative interrupt patterns for human approval (HITL), and file extension validation through middleware.
  • [DATA_EXFILTRATION]: The skill documents integration with LangSmith for observability and tracing. This involves sending execution metadata and token usage to an external monitoring service. This is a standard industry practice for production AI systems and is handled using environment-based secret management (e.g., placeholders for API keys) rather than hardcoded credentials.
  • [PROMPT_INJECTION]: As an orchestration framework for agents processing untrusted user input, the skill acknowledges the surface for indirect prompt injection. It provides extensive remediation examples, including PII redaction regex patterns, keyword-based injection detection logic, recursion limits to prevent infinite loops, and strict schema validation for agent outputs.
  • Ingestion points: Untrusted data enters the system through the AgentState messages list and tool-specific inputs defined in state-schemas.md.
  • Boundary markers: Recommended use of structured system prompts and isolated sub-agent contexts as detailed in context-engineering.md.
  • Capability inventory: Potential for file system access and shell command execution is documented in deep-agents.md.
  • Sanitization: Robust sanitization logic is provided in guardrails.md, including PII filtering, prompt injection detection nodes, and unauthorized tool call enforcement.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 06:50 PM