ai-orchestration-langchain
Fail
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The 'calculator' tool provided in 'examples/agents.md' and 'examples/structured-output-tools.md' uses the JavaScript 'eval()' function to process the 'expression' argument. Because this argument is generated by an LLM based on user input, an attacker can manipulate the input to execute arbitrary JavaScript code within the agent's environment.
- [EXTERNAL_DOWNLOADS]: The skill documentation ('reference.md') and 'SKILL.md' promote the installation of numerous third-party dependencies from the '@langchain' NPM scope and other NPM sources. Furthermore, 'examples/rag.md' demonstrates the use of 'CheerioWebBaseLoader' to fetch and process content from external web URLs.
- [PROMPT_INJECTION]: The skill facilitates the development of RAG (Retrieval-Augmented Generation) pipelines that process untrusted external data from websites, PDFs, and text files ('examples/rag.md'). This introduces a risk of indirect prompt injection where malicious instructions embedded in retrieved documents could hijack the agent's behavior, especially given the presence of powerful tools like the 'eval'-based calculator.
Recommendations
- AI detected serious security threats
Audit Metadata