langgraph

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The 'Basic Agent Graph' example in 'SKILL.md' contains a 'calculator' tool that uses Python's built-in 'eval()' function.
  • Evidence (from 'SKILL.md'):
        @tool
        def calculator(expression: str) -> str:
            return str(eval(expression))
  • Risk: If an LLM agent uses this tool to process unvalidated user input, it allows an attacker to execute arbitrary Python code on the host environment.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The use of 'eval()' within a tool designed for an autonomous agent creates a direct path for remote code execution via natural language instructions.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection due to its architecture.
  • Ingestion points: The 'messages' field in 'AgentState' accepts untrusted input from users.
  • Boundary markers: None present in the provided templates to distinguish between instructions and data.
  • Capability inventory: The skill explicitly provides an 'eval()' capability through the calculator tool.
  • Sanitization: No input validation or sanitization logic is demonstrated in the examples.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 19, 2026, 04:10 AM