langgraph
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- Dynamic Execution (MEDIUM): The example code for the 'Basic Agent Graph' includes a calculator tool that utilizes the 'eval()' function.
  - Evidence: The 'calculator' function in SKILL.md directly passes the 'expression' argument to 'eval()'.
  - Impact: This pattern allows for arbitrary Python code execution if the LLM generates a malicious string based on untrusted user input.
- Indirect Prompt Injection (LOW): The skill describes a pattern where untrusted data from messages is processed by nodes with high-privilege capabilities (eval) without boundary markers or sanitization.
  - Ingestion points: 'messages' list in 'AgentState' within SKILL.md.
  - Boundary markers: Absent in the provided Python examples.
  - Capability inventory: Uses 'eval()' for dynamic evaluation.
  - Sanitization: None provided in the implementation logic.
Audit Metadata