langsmith

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's docs and workflow explicitly show fetching user-provided prompts and public datasets from the LangSmith/Prompt Hub (examples: SKILL.md "Prompt Hub" push/pull, references/python-sdk.md's client.clone_public_dataset("https://smith.langchain.com/public/..."), and references/typescript-sdk.md's pull/pulled.invoke), so it ingests open/public, potentially user-generated content that is then used to format prompts and drive evaluations/LLM calls and therefore could supply instructions that materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes runtime operations that fetch and execute external content that can control agent behavior — e.g., Client().pull_prompt(...) and other Client APIs will retrieve prompt objects from the LangSmith service at https://smith.langchain.com (used at runtime to supply prompts), and the setup script also offers to run a remote install command that executes code fetched from https://raw.githubusercontent.com/langchain-ai/langsmith-cli/main/scripts/install.sh via curl | sh.