langsmith-observability
Warn
Audited by Snyk on Mar 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and invokes prompts from a shared "hub" (e.g., client.pull_prompt("langchain-ai/rag-prompt") in the "Hub prompts" section of SKILL.md and references/advanced-usage.md), which can be public or user-contributed and is then invoked by the agent—allowing untrusted third-party prompt content to directly influence model behavior and subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime calls like client.pull_prompt(...) which fetch prompt templates from the LangSmith hub (e.g., https://api.smith.langchain.com / https://smith.langchain.com) and those remote templates directly control the prompts/instructions used by the agent.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata