langchain-workflow-builder
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill content is largely a benign LangChain tutorial, but it includes an unsafe eval(expression) call on user-provided input (calculatorTool), which creates a clear remote code execution / backdoor risk if used in production.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill defines a DynamicTool named "search" in tools/custom.ts described as "Search the web for information" (calling searchAPI.search(query)) and then includes that tool in agents (agents/react.ts) so the agent fetches and consumes open web results—exposing it to untrusted third-party content that could enable indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill calls pull('hwchase17/react') at runtime (via langchain/hub), which fetches external prompt content that is directly used to create the agent prompt, so the remote resource "hwchase17/react" controls agent instructions.