skills/jeremylongshore/claude-code-plugins-plus-skills/langchain-webhooks-events/Gen Agent Trust Hub
langchain-webhooks-events
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill defines a 'WebhookCallbackHandler' using the 'httpx' library to send event data, including prompts and model outputs, to a user-specified webhook URL. This is consistent with the skill's stated purpose of implementing event-driven LangChain applications.- [PROMPT_INJECTION]: The provided FastAPI code snippets for WebSocket and SSE endpoints establish a surface for indirect prompt injection by processing external input.
- Ingestion points: The 'message' parameter in 'stream_chat' and 'data["message"]' in 'websocket_chat'.
- Boundary markers: The code lacks delimiters or explicit instructions to the LLM to ignore embedded commands in the user input.
- Capability inventory: The skill enables external network requests via webhooks and LLM invocation.
- Sanitization: No input sanitization or validation logic is provided in the implementation examples.
Audit Metadata