langgraph-tutor

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The validation script scripts/validate_graph.py uses importlib.util to execute the code within a target file under the guise of validation. This allows for arbitrary code execution if an agent is directed to validate a malicious script.
  • [REMOTE_CODE_EXECUTION] (HIGH): Reference documentation in references/patterns.md and references/tools.md provides code snippets for a calculator tool that uses the eval() function on raw input. This pattern is highly susceptible to shell injection if adopted by an agent or user.
  • [COMMAND_EXECUTION] (MEDIUM): The SKILL.md metadata grants broad Bash permissions for python and pip operations, which enables arbitrary package installation and script execution at runtime.
  • [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill is designed to process and execute agent workflows which are often defined in external files. There are no boundary markers or explicit sanitization logic to prevent an agent from following instructions embedded in a 'graph' file it is told to read or validate.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:35 AM