langsmith-fetch
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGHCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Persistence mechanism detected. The skill provides instructions for the agent to append environment variable exports to the user's shell configuration files. Evidence:
echo 'export LANGSMITH_API_KEY="your_key"' >> ~/.bashrcinSKILL.md. - [CREDENTIALS_UNSAFE]: Potential credential exposure. The skill instructs the user to verify setup by printing the sensitive API key to the terminal, which may be captured in session logs or terminal history. Evidence:
echo $LANGSMITH_API_KEYinSKILL.md. - [EXTERNAL_DOWNLOADS]: Installation of unverifiable and suspicious dependencies. The skill instructs the installation of
langsmith-fetch, a package that does not exist in official registries and provides a misleading reference to a non-existent official repository (https://github.com/langchain-ai/langsmith-fetch). Evidence:pip install langsmith-fetchinSKILL.md. - [PROMPT_INJECTION]: Indirect Prompt Injection surface. The skill ingests and analyzes external trace data from LangSmith without sanitization or boundary markers to prevent embedded instructions from influencing agent behavior.
- Ingestion points:
langsmith-fetch tracesoutput andrecent-traces.jsoninSKILL.md. - Boundary markers: Absent.
- Capability inventory:
pip install,mkdir,grep,echoacrossSKILL.md. - Sanitization: Absent. External trace content is processed and summarized directly.
Recommendations
- AI detected serious security threats
Audit Metadata