NYC

langgraph

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt contains examples that embed credentials verbatim (Authorization: Bearer YOUR_API_KEY, postgres connection strings with user:pass, LANGCHAIN_API_KEY="your-langsmith-key"), which instructs or demonstrates including secrets directly in requests/config and therefore risks secret exfiltration if real values are used or inserted by the LLM.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill includes nodes that perform open-web ingestion — e.g., agent_with_tools uses DuckDuckGoSearchRun and multiple examples call search_web(...) or pass arbitrary documents into map-reduce and research nodes — so the agent will fetch and read untrusted public/web/user-generated content as part of its workflow.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 15, 2026, 08:42 PM