LangChain Fundamentals

Fail

Audited by Snyk on Mar 3, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill is mostly benign documentation, but both the Python and TypeScript "calculate" tool examples call eval() on unsanitized input (str(eval(expression)) / String(eval(expression))). This directly enables remote code execution on attacker-controlled input and thus represents a high-risk backdoor/abuse vector. Other content (middleware, persistence) may increase data exposure but is not itself clearly malicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's examples and instructions (e.g., the "fix-missing-tool-description" section showing search(query) -> web_search(query) and multiple agent examples using tools=[search]) explicitly call a web search tool that fetches open/public web content for the agent to read and act on, exposing it to untrusted third-party pages that could contain injected instructions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 3, 2026, 12:03 AM