langchain-workflow-builder

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill content is largely a benign LangChain tutorial, but it includes an unsafe eval(expression) on user-provided input (calculatorTool) which creates a clear remote code execution / backdoor risk if used in production.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill defines a searchTool (tools/custom.ts) that "Search the web for information" via searchAPI.search and then includes that tool in agents (createReactAgent/AgentExecutor), meaning the agent will fetch and read arbitrary public web content which could contain untrusted, user-generated instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill calls pull('hwchase17/react') at runtime (via langchain/hub), which fetches external prompt content that is directly used to create the agent prompt, so the remote resource "hwchase17/react" controls agent instructions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 15, 2026, 09:03 PM