Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/langchain-webhooks-events/Gen Agent Trust Hub

langchain-webhooks-events

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill implements a WebhookCallbackHandler designed to transmit execution metadata to a user-provided URL via HTTP POST requests using the httpx library. The data sent includes model names, token usage statistics, and input/output keys, which is consistent with the skill's stated purpose of building event-driven integrations.
  • [PROMPT_INJECTION]: The FastAPI implementation templates (Step 2 and Step 3) ingest user data directly from WebSocket messages and query parameters to populate LangChain prompts, representing an indirect prompt injection surface.
  • Ingestion points: websocket_chat and stream_chat functions in SKILL.md.
  • Boundary markers: Absent in the provided code templates.
  • Capability inventory: Network requests via httpx.Client in the WebhookCallbackHandler (Step 1).
  • Sanitization: No input validation or sanitization is demonstrated in the implementation examples.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 12:40 AM