langchain-retrieval-agent
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill setup instructions include a git clone command for an untrusted third-party repository (Eng0AI/langchain-retrieval-agent) not included in the trusted sources list.
- REMOTE_CODE_EXECUTION (HIGH): The instructions require executing pnpm install and pnpm dev on the cloned code, which can trigger malicious lifecycle scripts and execute arbitrary commands on the host system.
- PROMPT_INJECTION (LOW): The RAG-based document Q&A architecture is inherently vulnerable to indirect prompt injection from data ingested into the vector store.
  1. Ingestion points: Supabase pgvector database via retrieval tool.
  2. Boundary markers: None identified in the skill metadata or setup.
  3. Capability inventory: Document retrieval and LLM processing via LangChain and LangGraph.
  4. Sanitization: No sanitization or filtering of external content is mentioned.
Recommendations
- AI detected serious security threats
Audit Metadata