langsmith

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and uses public, potentially user-generated prompts and datasets from the LangSmith Prompt Hub / public dataset URLs (e.g., client.pull_prompt in SKILL.md and references/python-sdk.md, the quickstart demo_prompt, and client.clone_public_dataset("https://smith.langchain.com/public/...")), meaning untrusted third-party content is ingested and can directly change LLM behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill makes runtime calls to the LangSmith service (e.g., https://smith.langchain.com and the API https://api.smith.langchain.com) — Client.pull_prompt() / Client.create_dataset()/evaluate() fetch remote prompt/dataset content which is then injected and used as agent instructions, so the external URL is a runtime dependency that can directly control prompts.