langsmith-fetch
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes external data from LangSmith execution traces.
- Ingestion points: Data is retrieved from the LangSmith API via the
langsmith-fetchCLI (seen inSKILL.mdworkflows). - Boundary markers: The skill does not explicitly use delimiters or guardrails to separate fetched trace content from the agent's internal instructions.
- Capability inventory: The skill can execute shell commands (
langsmith-fetch,mkdir,grep) and perform file system writes (seen in Workflow 3 and 4 ofSKILL.md). - Sanitization: There is no evidence of sanitization or filtering of the fetched trace data before it is presented to the agent for analysis.
- [COMMAND_EXECUTION]: The skill relies on executing local system commands to function. It uses
langsmith-fetchto retrieve data,mkdirto create local directories for session exports, andgrepto parse JSON files for errors. These operations are aligned with the skill's stated purpose of debugging and data management. - [EXTERNAL_DOWNLOADS]: The documentation instructs users to install the
langsmith-fetchPython package from PyPI and provides acurlcommand to download theSKILL.mdfile from the author's GitHub repository (github.com/OthmanAdi/langsmith-fetch-skill). These are standard installation procedures for this type of tool.
Audit Metadata