langgraph-human-in-the-loop
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Data Ingestion via Interrupts (Indirect Prompt Injection Surface): The skill describes how to use the interrupt() function to pause execution and collect external data. This creates a surface where data from outside the agent enters the execution state.
  - Ingestion points: External data is ingested in SKILL.md through the interrupt() call within graph nodes.
  - Boundary markers: The skill specifies that data must be JSON-serializable, though it does not explicitly discuss delimiters for preventing instruction leakage.
  - Capability inventory: The code examples demonstrate using this data to update the graph state and determine routing logic (e.g., routing to a 'send' or 'end' node).
  - Sanitization: A 'Validation Loop' example is provided, showing how to implement validation logic to ensure data meets specific criteria (e.g., verifying a number) before the graph proceeds.
- Idempotency Considerations: The skill includes a dedicated section on side effects and idempotency.
  - Evidence: The 'Idempotency Rules' section in SKILL.md provides clear 'Do' and 'Don't' guidance.
  - Context: This is a positive security and reliability feature, helping developers prevent issues like duplicate transactions or inconsistent states when a graph resumes.
Audit Metadata