mastering-langgraph
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): In the file 'references/tool-agent-pattern.md', the example 'calculate' tool uses Python's 'eval()' function on the 'expression' argument. This is a severe vulnerability because an LLM, potentially manipulated by prompt injection, can execute arbitrary Python code on the host environment through this tool.
- EXTERNAL_DOWNLOADS (MEDIUM): The 'README.md' file instructs users to install 'skilz', a third-party CLI tool from an unverified GitHub organization ('SpillwaveSolutions'). Recommending non-standard package managers and installers for AI skills introduces significant supply-chain risks.
Recommendations
- AI detected serious security threats
Audit Metadata