langgraph-tools

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The file references/toolnode.md contains a 'calculator' tool example that passes its expression argument to the Python eval() function. eval() executes an arbitrary string as Python code, and the expression argument is produced by the LLM from user-controlled input, so a crafted prompt (given directly, or planted in data the agent reads) can make the tool run attacker-chosen Python, including operating-system commands reached through the standard library.
  • DATA_EXFILTRATION (LOW): The api_call_with_retry example in SKILL.md calls requests.get(endpoint) with endpoint taken as a parameter. If the URL is not validated against an allowlist before the request is made, this is a Server-Side Request Forgery (SSRF) pattern: an LLM-chosen endpoint can be used to probe or reach internal hosts from the agent's network position.
  • PROMPT_INJECTION (LOW): The skill implements patterns vulnerable to Indirect Prompt Injection (Category 8). Evidence:
    • Ingestion points: state['messages'] in SKILL.md and tool return values.
    • Boundary markers: Absent.
    • Capability inventory: delete_user, transfer_funds, api_call_with_retry (SKILL.md), and eval (references/toolnode.md).
    • Sanitization: Absent.
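The three findings above map to three concrete fixes. The following is an added example written for this audit page, not code from the langgraph-tools skill or its references: the eval()-based calculator shown beside an AST-walking replacement that accepts only numeric literals and arithmetic operators, an allowlist check to run before requests.get(endpoint), and a boundary-marker wrapper for tool output that re-enters state['messages']. The allowlist host api.example.com, the exponent limit, the 200-character cap and the marker strings are assumptions chosen for the example.

```python
import ast
import operator
from urllib.parse import urlsplit

# --- Finding 1: eval() in the calculator tool -------------------------------

def calculator_unsafe(expression: str) -> str:
    """The vulnerable pattern: an LLM-produced string reaches eval().
    A prompt that yields "__import__('os').system('id')" runs a shell command."""
    return str(eval(expression))  # do not use; shown for comparison only

_BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod, ast.Pow: operator.pow,
}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
_MAX_EXPONENT = 1000  # assumed limit; "9**9**9" would otherwise exhaust memory

def _eval_node(node: ast.AST) -> float:
    # Allowlist walk: only int/float literals and arithmetic operators pass.
    # Names, attribute access, calls, subscripts (the route to __import__ and
    # os.system) are not handled and therefore raise.
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand))
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        left, right = _eval_node(node.left), _eval_node(node.right)
        if isinstance(node.op, ast.Pow) and abs(right) > _MAX_EXPONENT:
            raise ValueError("exponent too large")
        return _BIN_OPS[type(node.op)](left, right)
    raise ValueError(f"unsupported syntax: {type(node).__name__}")

def calculator_safe(expression: str) -> float:
    """Hardened replacement: parse to an AST, then evaluate only allowlisted nodes."""
    if len(expression) > 200:  # assumed cap; keeps parser work bounded
        raise ValueError("expression too long")
    tree = ast.parse(expression, mode="eval")  # SyntaxError on non-expressions
    return _eval_node(tree.body)

# --- Finding 2: unvalidated endpoint in api_call_with_retry -----------------

ALLOWED_API_HOSTS = frozenset({"api.example.com"})  # assumed allowlist

def is_allowed_endpoint(url: str, allowed_hosts=ALLOWED_API_HOSTS) -> bool:
    """True only for https URLs whose host is exactly on the allowlist.
    Run this before requests.get(endpoint, allow_redirects=False); redirects
    must stay off or a permitted host can bounce the agent to an internal one."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False  # rejects https://api.example.com@10.0.0.5/ style userinfo tricks
    return parts.hostname in allowed_hosts  # hostname is lowercased by urlsplit

# --- Finding 3: no boundary markers around ingested content -----------------

BEGIN = "<<<UNTRUSTED_TOOL_OUTPUT>>>"       # assumed marker strings
END = "<<<END_UNTRUSTED_TOOL_OUTPUT>>>"

def wrap_untrusted(source: str, text: str) -> str:
    """Delimit tool output before it is appended to state['messages'], and
    strip any copy of the delimiters the content carries so injected text
    cannot close the block early and pose as trusted instructions."""
    cleaned = text
    while BEGIN in cleaned or END in cleaned:  # loop: removal can expose a new copy
        cleaned = cleaned.replace(BEGIN, "").replace(END, "")
    return f"{BEGIN} source={source}\n{cleaned}\n{END}"
```

The AST walker rejects by construction rather than by blocklist: anything that is not a number or an arithmetic operator raises ValueError, so there is no string-filter to bypass. The endpoint check is an exact-host allowlist on purpose; a suffix or substring match ("api.example.com" in host) would admit api.example.com.attacker.net. DNS rebinding of an allowlisted name is outside what a URL check can catch and needs egress filtering at the network layer. The markers only help if the system prompt tells the model that text between them is data, never instructions.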
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:27 PM