langchain

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Finding categories: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides templates for building LangChain applications using official and well-known packages from trusted providers including LangChain, OpenAI, and Anthropic.
  • [PROMPT_INJECTION]: The skill describes patterns for Retrieval-Augmented Generation (RAG) and tool-calling agents which ingest untrusted data, creating a potential surface for indirect prompt injection.
    1. Ingestion points: User queries and external document contents (SKILL.md).
    2. Boundary markers: Prompt templates use standard delimiters to separate context from user queries.
    3. Capability inventory: Tool calling for database queries and Slack messaging is illustrated in the examples.
    4. Sanitization: While explicit input sanitization is not detailed, the skill encourages best practices such as structured output and specific retrieval strategies.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 09:16 PM