Skip to content

Security Findings Detected by Trustabl Scanner #1426

Description

@joshua-trustabl

We ran the Trustabl scanner on your repo AgentOps-AI/agentops and identified several security findings. In examples/ag2/tools_wikipedia_search.py, a HIGH severity issue was found where the AutoGen executor runs code with no human review (human_input_mode=NEVER). This means the agent can execute code without any human oversight.

Another HIGH severity finding in examples/langgraph/langgraph_example.py involves dynamic code execution through eval(), exec(), or compile() within a LangChain tool. This poses a risk as it allows the execution of arbitrary code.

Lastly, a HIGH severity issue was detected in examples/openai_agents/agents_tools.py where an agent is configured with shell command or filesystem-touching tools without input guardrails. This setup can lead to unauthorized access or modifications if malicious input is provided.


Add Trustabl to your CI — trustabl/trustabl-action:

- name: Trustabl scan
  uses: trustabl/trustabl-action@v1

https://trustabl.ai

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions