langchain-deploy-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The FastAPI app (main.py) exposes a /chat POST endpoint that accepts arbitrary user input (request.input) and feeds it directly into the LangChain prompt/LLM pipeline via chain.ainvoke, meaning untrusted third‑party/user‑generated content can be ingested and influence model behavior (indirect prompt injection).

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.40). The prompt includes Dockerfile instructions that run apt-get and explicitly run useradd to create a non-root user (and contains commands that build/deploy containers on the host), which modify system state (inside images and via local build/deploy) even though it doesn't ask to bypass sudo or alter host system files directly.