langchain-dependencies
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [Documentation-Focused Content]: The skill is primarily a technical reference for package versioning, installation, and framework selection. It does not include any functional scripts, command executions, or automated tasks that could pose a security risk.
- [Secure Configuration Examples]: While the skill mentions various environment variables for API keys (e.g., OPENAI_API_KEY, LANGSMITH_API_KEY), it uses standard placeholders like '' instead of hardcoding any actual secrets.
- [Verified Dependency References]: All listed Python and Node.js packages are official LangChain libraries or well-known integrations from trusted providers like OpenAI, Anthropic, and Google. The instructions encourage using stable, independently-versioned packages over legacy or unpinned community integrations.
Audit Metadata