provider-integration-templates
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- Dynamic Execution (HIGH): Multiple templates use the `eval()` function to implement mathematical calculation tools, creating a significant risk of arbitrary code execution.
  - In `templates/openai-functions.ts`, the `calculate` implementation uses `eval(args.expression)` on raw input without any validation or sanitization.
  - In `templates/vercel-tools-config.ts`, the `calculatorTool` uses `eval(expression)` on raw input without any validation.
  - In `templates/langchain-agent.py`, the `calculate` tool uses `eval(operation)` with a basic character whitelist; restricting the characters does not change the fact that `eval()` executes Python, so this remains a discouraged and potentially bypassable practice.
- Indirect Prompt Injection (HIGH): The skill facilitates the ingestion of untrusted data through RAG and Agent templates while declaring broad permissions.
  - Ingestion points: `templates/langchain-rag.py` uses `TextLoader` to read documents; `templates/langchain-agent.py` processes user input via tool-calling agents.
  - Boundary markers: Templates lack delimiters or instructions to ignore embedded commands in the processed data.
  - Capability inventory: The skill requests `Bash` and `Write` permissions in `SKILL.md`.
  - Sanitization: No sanitization is implemented for data retrieved in RAG or processed by agents.
- External Downloads (LOW): Setup scripts install dependencies using standard tools.
  - Scripts `scripts/setup-langchain-integration.sh` and `scripts/setup-vercel-integration.sh` use `pip` and `npm`/`pnpm`/`yarn` to install well-known libraries from official registries.
Recommendations
- AI detected serious security threats
Audit Metadata