graph-patterns

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The script 'scripts/init-langgraph.sh' installs LangGraph and OpenAI packages via pip and npm without version pinning. This increases the risk of supply chain attacks as any future compromised version of these dependencies could be automatically installed.
  • PROMPT_INJECTION (MEDIUM): The templates, specifically 'templates/basic_graph.py', define workflows that process untrusted message data. (1) Ingestion point: The 'State' TypedDict and 'messages' list in 'templates/basic_graph.py'. (2) Boundary markers: Absent in the template logic. (3) Capability inventory: The skill metadata allows high-privilege tools including 'Bash', 'Write', 'Edit', and 'WebFetch'. (4) Sanitization: No logic exists to filter or escape instructions embedded within the 'messages' data.
  • COMMAND_EXECUTION (LOW): The skill utilizes 'scripts/init-langgraph.sh' for environment setup. While the current implementation is limited to package management and directory creation, it establishes a pattern of executing local shell scripts which could be modified to perform malicious actions if the agent's file system is compromised.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 09:54 AM