langsmith-fetch
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill suggests verifying configuration by executing echo $LANGSMITH_API_KEY, which prints sensitive credentials to the terminal and stores them in shell history files.
- [COMMAND_EXECUTION]: The skill instructs users to modify their shell profile (~/.bashrc) to persist the LANGSMITH_API_KEY and LANGSMITH_PROJECT variables. This establishes a persistence mechanism that stores sensitive credentials in plain text in a long-lived configuration file.
- [EXTERNAL_DOWNLOADS]: The skill installs the langsmith-fetch package from a repository associated with LangChain AI, a well-known and trusted technology provider.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by analyzing data fetched from the LangSmith API.
  - Ingestion points: Data enters the agent's context through execution traces and thread logs fetched via the langsmith-fetch command (e.g., recent-traces.json).
  - Boundary markers: The instructions do not provide delimiters or security warnings to the agent to prevent it from obeying instructions embedded within the trace data.
  - Capability inventory: The agent has the capability to execute shell commands (pip, mkdir, grep), modify environment configuration, and create local directories.
  - Sanitization: The skill does not implement validation or sanitization of the JSON data fetched from the external API before the agent processes and analyzes it.
Recommendations
- AI detected serious security threats
Audit Metadata