langchain-hello-world
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate documentation and boilerplate code for getting started with LangChain. All activities described are consistent with standard developer onboarding for the library.- [EXTERNAL_DOWNLOADS]: The skill recommends installing official and widely-used packages ("langchain", "langchain-openai") from standard public registries.- [PROMPT_INJECTION]: The code snippets demonstrate how to interpolate user input into prompt templates, which is a standard surface for indirect prompt injection. Given the educational context, this is a pedagogical example rather than a vulnerability.
- Ingestion points: User-provided data enters the system through variables such as
{input}and{topic}in the Python and TypeScript examples. - Boundary markers: None are implemented in the minimal boilerplate examples.
- Capability inventory: The skill uses the
Writetool to create the script files and instructs the user to execute the resulting code locally. - Sanitization: No sanitization is performed on the input variables, consistent with a minimal "Hello World" demonstration.
Audit Metadata