langchain
Fail
Audited by Snyk on Mar 3, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The prompt contains code examples that place API keys and secrets as literal string values (e.g., api_key="your-key", os.environ["LANGCHAIN_API_KEY"]="your-langsmith-key"), which encourages embedding real secrets verbatim in generated code/commands and creates exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). SKILL.md section "6. RAG (Retrieval-Augmented Generation)" explicitly uses WebBaseLoader (e.g., WebBaseLoader("https://example.com")) and a retriever/chain that feeds those web-loaded documents into prompts, so the agent will fetch and interpret untrusted public web content that can materially influence its outputs and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill calls hub.pull("hwchase17/react") at runtime to fetch a ReAct prompt from the LangChain Hub, which would remotely supply the agent's prompt/instructions and thus directly control agent behavior (flagged: hub.pull("hwchase17/react")).