skills/sivag-lab/roth_mcp/langgraph/Gen Agent Trust Hub

langgraph

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: CRITICAL
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The 'calculator' tool implementation in the 'Basic Agent Graph' pattern uses the Python eval() function on the expression argument. This allows for arbitrary code execution if a user provides a malicious string.
  • [PROMPT_INJECTION]: The skill feeds untrusted user-supplied text to the model and to its tools without marking it as data, so any instructions embedded in that text (an indirect prompt injection) can steer routing and tool calls.
  • Ingestion points: The query field in RouterState and the expression field in the calculator tool (SKILL.md).
  • Boundary markers: Absent. No delimiters or instructions to ignore embedded commands are present.
  • Capability inventory: Execution of arbitrary code via the eval() function and general LLM tool-calling capabilities (SKILL.md).
  • Sanitization: Absent. Input is passed directly to the eval() function or used in string comparisons for routing.
Recommendations
  • AI detected serious security threats. Based on the findings above: replace the eval() call in the calculator tool with a parser that accepts only numeric literals and arithmetic operators; validate and length-limit the expression field and the RouterState query field before use; treat the query field as untrusted data by delimiting it and instructing the model not to follow instructions embedded in it.
Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 10, 2026, 06:51 AM