langsmith-observability

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill includes calls to pull prompts from a shared prompt hub (e.g., client.pull_prompt("langchain-ai/rag-prompt") and client.pull_prompt("my-org/qa-prompt")), which fetches externally authored hub prompts (potentially public or user-generated) that the agent then invokes and interprets, exposing it to untrusted third-party content and indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill demonstrates pulling prompts at runtime via the LangSmith hub (client.pull_prompt), which causes the agent to execute externally fetched prompt instructions from the LangSmith API endpoint (e.g. https://api.smith.langchain.com), so remote content directly controls agent behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:58 AM