langgraph-supervisor

Warn

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: MEDIUM
Category: PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The implementation pattern for the LLM-based supervisor in references/llm-supervisor.md is vulnerable to indirect prompt injection. It interpolates the state['input'] (untrusted data) directly into the routing prompt. An attacker could provide input designed to trick the supervisor into choosing a specific next agent or finishing prematurely, potentially bypassing intended workflow constraints.
  • Ingestion points: state['input'] in the llm_supervisor function in references/llm-supervisor.md.
  • Boundary markers: Absent; untrusted data is concatenated directly into the f-string prompt template with no delimiters separating it from the instructions.
  • Capability inventory: Controls the execution flow of the agentic graph (routing decisions with side effects).
  • Sanitization: Absent; no validation or escaping of the user input before interpolation.
  • Logic Bypass (LOW): The should_skip_agent function in references/priority-routing.md contains logic to bypass the 'security' agent if a trusted_source flag is found in the state. If the state is corrupted via prompt injection in a previous node, this facilitates a direct security bypass.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 15, 2026, 11:19 PM