langchain-agent
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill requires cloning a repository from https://github.com/Eng0AI/langchain-agent.git. This source is not on the Trusted External Sources list, so the dependency cannot be verified.
- [REMOTE_CODE_EXECUTION] (HIGH): After the download from an untrusted source, the skill instructs the user to run pnpm install and pnpm dev. pnpm install executes any lifecycle scripts (such as postinstall) defined by the repository and its dependencies, and pnpm dev runs whatever command the repository's dev script specifies, so code from the external repository runs on the user's machine without verification or sandboxing.
- [CREDENTIALS_UNSAFE] (SAFE): The skill mentions sensitive variables such as POSTGRES_URL and OPENAI_API_KEY, but uses them as placeholders for user-provided environment variables rather than hardcoding actual credentials.
- [PROMPT_INJECTION] (LOW): The skill is described as an agent with a 'search' tool. This creates an attack surface for indirect prompt injection, where malicious content retrieved from the web could attempt to influence the agent's behavior at runtime.
- Ingestion points: Search engine results processed by LangChain.
- Boundary markers: None specified in the documentation.
- Capability inventory: Logic execution via LangGraph and tool invocation.
- Sanitization: Not addressed in the setup instructions.
Recommendations
- AI detected serious security threats
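Before following the pnpm install and pnpm dev steps from an unverified clone, a reviewer would want to see exactly which scripts those commands will execute. The following Node script is an added example for this page, not part of the audit or of the Eng0AI repository; the sample package.json and file listing are constructed, the lifecycle names are npm's standard install hooks, and .pnpmfile.cjs and .npmrc are pnpm/npm configuration files that can change or hook the install.

```javascript
// Added example, not the audited skill's code. Lists what `pnpm install` and
// `pnpm dev` would execute from a cloned repository so it can be read before
// it runs. Sample inputs below are constructed, not taken from the repository.

// Script names npm/pnpm run automatically during a bare install of the root
// project (nothing beyond `pnpm install` is typed).
const LIFECYCLE_HOOKS = [
  "preinstall", "install", "postinstall",
  "prepublish", "preprepare", "prepare", "postprepare",
];

// Root-level files that can redirect the registry or run code during install.
const INSTALL_HOOK_FILES = [".pnpmfile.cjs", ".npmrc"];

function pick(scripts, names) {
  return names
    .filter((n) => Object.hasOwn(scripts, n))
    .map((n) => ({ name: n, cmd: scripts[n] }));
}

// `requested` are the scripts the setup instructions tell the user to run.
function reviewScripts(packageJsonText, requested = ["dev"]) {
  const scripts = JSON.parse(packageJsonText).scripts || {};
  const lifecycle = pick(scripts, LIFECYCLE_HOOKS);
  return {
    lifecycle,                           // runs on install without being named
    requested: pick(scripts, requested), // runs when the user types `pnpm dev`
    // With hooks present, install with all scripts disabled (root project and
    // dependencies alike) and read the hook commands before re-enabling them.
    installCommand: lifecycle.length > 0 ? "pnpm install --ignore-scripts" : "pnpm install",
  };
}

// Flags repository files (by root-level name) that alter or hook the install.
function flagInstallHookFiles(repoFiles) {
  return repoFiles.filter((f) => INSTALL_HOOK_FILES.includes(f));
}

// Constructed sample package.json (not from the audited repository).
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "sample-agent",
  scripts: {
    dev: "node --env-file=.env src/index.js",
    build: "tsc -p .",
    postinstall: "node scripts/setup.js",
  },
});

// Constructed sample file listing of a clone (e.g. output of `git ls-files`).
const SAMPLE_REPO_FILES = ["package.json", "pnpm-lock.yaml", ".pnpmfile.cjs", "src/index.js"];

const review = reviewScripts(SAMPLE_PACKAGE_JSON);
console.log("lifecycle hooks:", review.lifecycle);
console.log("user-invoked scripts:", review.requested);
console.log("hook files:", flagInstallHookFiles(SAMPLE_REPO_FILES));
console.log("install with:", review.installCommand);
```

On a real clone, pass the text of its package.json to reviewScripts and the output of git ls-files to flagInstallHookFiles, and check out a specific reviewed commit rather than the branch head so that what was read is what runs. Note that --ignore-scripts only defers the problem: the dev script and any hook you later re-enable still run with the user's privileges, so the point is to read them first, not to skip them.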
Audit Metadata