langsmith-fetch
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a package named 'langsmith-fetch' via pip. Although it claims the tool is an official LangChain utility, the repository link it provides (github.com/langchain-ai/langsmith-fetch) does not exist, which suggests either a supply-chain risk or deceptive attribution.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands, including 'mkdir', 'grep', and the 'langsmith-fetch' CLI. It also instructs the user to modify shell profile files (~/.bashrc and ~/.zshrc) to persist environment variables; this is a persistence mechanism that alters the user's environment across sessions.
- [PROMPT_INJECTION]: The skill processes untrusted JSON data fetched from external API traces. Ingestion Point: Data is fetched via 'langsmith-fetch trace' and 'langsmith-fetch traces'. Boundary Markers: None; there are no instructions to ignore embedded commands within the fetched data. Capability Inventory: The agent can execute shell commands and write to files. Sanitization: There is no evidence of validation or escaping of the fetched content before it is analyzed by the agent, making it vulnerable to indirect prompt injection.
Recommendations
- AI detected serious security threats
Audit Metadata