langgraph

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The provided calculator tool implementation in 'SKILL.md' uses the 'eval()' function to process the 'expression' input string. This function executes arbitrary Python code and is highly dangerous when exposed to untrusted input, potentially allowing for system compromise.
  • [REMOTE_CODE_EXECUTION]: By incorporating 'eval()' into the agent's tools, the skill creates a surface for remote code execution. An attacker could influence the agent to execute malicious Python commands, such as system calls or file system modifications, through the 'expression' argument.
  • [REMOTE_CODE_EXECUTION]: Assessment of indirect injection surface for the calculator tool in 'SKILL.md': (1) Ingestion point: 'expression' parameter in the 'calculator' tool. (2) Boundary markers: None identified. (3) Capability inventory: Full Python execution via 'eval()'. (4) Sanitization: No validation or escaping is applied to the input string.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 14, 2026, 01:07 AM