langchain-core-workflow-b

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The calculate tool in SKILL.md uses the eval() function to evaluate mathematical expressions. This pattern allows arbitrary Python code execution if an attacker can control the string passed to the tool, posing a risk of command execution within the agent's environment.
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection through its agent configuration in SKILL.md.
    ◦ Ingestion points: Untrusted data enters via the {input} variable and external tool outputs such as search_web or async_search.
    ◦ Boundary markers: No delimiters or instructions to ignore embedded commands are present in the ChatPromptTemplate to isolate user input from system instructions.
    ◦ Capability inventory: The agent has access to tools capable of dynamic execution (eval()) and network operations (aiohttp in async_search).
    ◦ Sanitization: There is no evidence of input validation, escaping, or filtering of external content before it is interpolated into the agent's prompt.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 12, 2026, 01:03 AM