langchain-init
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs dependencies from the official LangChain organization (@langchain/core, @langchain/langgraph, @langchain/openai) and common TypeScript developer tools (typescript, tsx). These are well-known libraries from trusted sources.
- [COMMAND_EXECUTION]: The skill uses shell commands to create directories and manage packages via npm or bun. There is a manifest inconsistency as the frontmatter's allowed-tools field specifies Python tools (uv, pip), while the skill execution steps use JavaScript ecosystem tools (bun, npm).
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface through the use of the project-name argument in shell commands.
  - Ingestion points: The project-name argument ($1) provided to the skill (SKILL.md).
  - Boundary markers: None present.
  - Capability inventory: Shell command execution via mkdir, cd, bun, and npm (SKILL.md).
  - Sanitization: The project-name argument is interpolated into shell commands without quoting or sanitization, which could allow command injection if a malicious argument is provided.
Audit Metadata