langextract

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill is designed to fetch and process content from remote URLs for information extraction, as demonstrated in its examples and the text_or_documents parameter.
  • [COMMAND_EXECUTION]: The helper script scripts/extract.py performs local file system operations, including reading input text files and writing output results (JSONL and HTML) to user-specified paths on disk.
  • [REMOTE_CODE_EXECUTION]: The library implements a plugin system using Python entry points (langextract.providers), which allows for the dynamic loading and execution of external code for custom model providers.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection attacks. Maliciously crafted content within the source documents or fetched URLs could contain instructions designed to subvert the extraction logic or manipulate the LLM's output.
      • Ingestion points: The skill ingests raw text, local files, and remote URLs provided by the user.
      • Boundary markers: The skill does not implement robust delimiters or sanitization routines to isolate the source text from the extraction instructions.
      • Capability inventory: The skill has network access for fetching documents and file-writing capabilities for saving results.
      • Sanitization: No explicit sanitization or validation of the input text is present in the provided scripts to prevent injection payloads.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 16, 2026, 01:29 AM