skills/jeremylongshore/claude-code-plugins-plus-skills/langchain-deploy-integration/Gen Agent Trust Hub
langchain-deploy-integration
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests permission for Bash(docker:) and Bash(gcloud:) to build images and manage Google Cloud resources, which is consistent with its primary purpose of infrastructure deployment.
- [EXTERNAL_DOWNLOADS]: The Dockerfile and deployment examples perform external package installation using pip and apt-get from standard official repositories to construct the production environment.
- [PROMPT_INJECTION]: The FastAPI application template creates an indirect prompt injection surface by accepting untrusted input and passing it directly to a LangChain chain.
  - Ingestion points: ChatRequest.input in main.py
  - Boundary markers: Absent in the ChatPromptTemplate
  - Capability inventory: LangChain chain execution in main.py and privileged bash access in SKILL.md
  - Sanitization: Absent in the provided code example
Audit Metadata