deepagents
Fail
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The setup script installs the 'uv' package manager by fetching and executing its official installation script from astral.sh.
- [EXTERNAL_DOWNLOADS]: The skill installs several Python packages, including 'deepagents' and various LangChain-related libraries, from the official Python Package Index (PyPI).
- [COMMAND_EXECUTION]: The framework provides an 'execute' tool that allows agents to run shell commands as part of its core functionality, with documentation recommending human-in-the-loop (HITL) approvals for safety.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external file content which could contain malicious instructions that influence the agent's behavior.
- Ingestion points: Data entered via 'read_file', 'grep', and user message inputs.
- Boundary markers: The system prompt does not use explicit delimiters to isolate untrusted content from instructions.
- Capability inventory: The agent has access to 'execute', 'write_file', and 'edit_file' tools.
- Sanitization: No sanitization of ingested file content is performed before inclusion in the prompt context.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata