langchain-retrieval-agent

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill requires cloning a repository from an untrusted GitHub user (Eng0AI/langchain-retrieval-agent). This source is not on the trusted organizations or repositories list.
  • REMOTE_CODE_EXECUTION (HIGH): The setup instructions include running pnpm install, pnpm build, and pnpm dev on the contents of the untrusted repository. These commands execute lifecycle scripts (preinstall, postinstall, etc.) and application code, allowing for arbitrary execution of code controlled by the external author.
  • COMMAND_EXECUTION (MEDIUM): The skill uses manual shell commands to clone, move files, and remove git history. While these specific commands are not malicious in isolation, they are used to facilitate the deployment of unverified external code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:09 PM