ddd-langchain-langgraph
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The template BuildIntentChain.ts is susceptible to indirect prompt injection because user-provided text is interpolated directly into a system prompt without delimiters or escaping mechanisms.
  - Ingestion points: RunWorkflowUseCase.ts accepts a userInput string from the RunWorkflowDTO, which is passed to the intent classifier.
  - Boundary markers: None are present in the BuildIntentChain.ts prompt template.
  - Capability inventory: The skill includes scripts/copy_templates.sh, which can create directories and write to the file system.
  - Sanitization: The skill mitigates the risk through strict validation in ConversationIntent.ts, which applies an allow-list enum and confidence thresholds to all LLM-derived data.
- [COMMAND_EXECUTION]: The skill includes a shell script, scripts/copy_templates.sh, that executes mkdir -p and cp -R commands using a user-provided target directory argument to scaffold the project structure.
- [EXTERNAL_DOWNLOADS]: The templates provided in the skill reference several external Node.js packages that the generated code requires to function, including @langchain/langgraph, @langchain/core, @langchain/openai, and @andireuter/js-domain-principles.
Audit Metadata