langchain-agent-builder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill explicitly recommends and provides templates for tools like 'Python REPL' and 'API Tools'. In an AI agent context, allowing an LLM to generate and execute Python code or construct API calls on the host environment poses a critical risk of Remote Code Execution if the agent is compromised or tricked via injection.
  • [PROMPT_INJECTION] (HIGH): Categorized under Indirect Prompt Injection (Category 8). The skill designs agents that ingest untrusted data from 'Search tools' (Google, DuckDuckGo) and 'API tools'. The provided code examples lack boundary markers, input sanitization, or instructions to ignore embedded commands within the retrieved data. This creates a HIGH severity risk because the agent has 'write/execute' capabilities (Python REPL, File tools) and processes external content.
  • [COMMAND_EXECUTION] (MEDIUM): Encourages the integration of 'Database tools' (SQL queries). Executing LLM-generated SQL queries without strict validation or read-only constraints can lead to unauthorized data modification or exfiltration.
  • [EXTERNAL_DOWNLOADS] (LOW): Recommends installing multiple Python packages (langchain, langgraph, crewai) and references external repositories. While sources like langchain-ai and microsoft are within the Trusted Scope, others like crewAIInc are external; however, as these are reputable industry frameworks, the finding is downgraded per [TRUST-SCOPE-RULE].
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:02 AM