langchain

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content is largely benign instructional LangChain examples, but it includes an exposed eval() in a model-invokable "calculator" tool (and tool binding to the LLM) which creates a clear remote code execution/backdoor risk if used with untrusted input.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to "Always verify patterns with latest docs" using mcp_context7_resolve-library-id and mcp_context7_query-docs (targeting the public /langchain-ai/langchain docs), which causes the agent to fetch and interpret open/public third‑party content that can influence its behavior.