langchain

Fail

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Use of the unsafe eval() function in custom tool definitions.
    The SKILL.md (lines 135-139) and references/agents.md (lines 14-16) define a 'Calculator' tool that passes raw input strings directly to eval(), allowing an agent to execute arbitrary Python code.
  • [REMOTE_CODE_EXECUTION]: Unsafe deserialization of local vector store indices.
    The references/integration.md (line 34) demonstrates using allow_dangerous_deserialization=True when loading FAISS indices, which relies on the insecure pickle module.
  • [COMMAND_EXECUTION]: Provision of tools allowing direct system command and code execution.
    The integration guide in references/integration.md (lines 351-364) describes implementing ShellTool and PythonREPLTool, which give the agent full access to the shell and a Python interpreter on the host system, without any sandboxing recommendations.
  • [DATA_EXFILTRATION]: Vulnerability to indirect prompt injection due to data ingestion.
    The skill documents various RAG components (SKILL.md, references/rag.md) that fetch content from web pages and GitHub. Malicious instructions in these external sources could be used to exfiltrate data if combined with the tool-calling capabilities provided in the skill.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 28, 2026, 06:07 PM