We ran the Trustabl scanner on your repo AgentOps-AI/agentops and identified several security findings. In examples/ag2/tools_wikipedia_search.py, a HIGH severity issue was found where the AutoGen executor runs code with no human review (human_input_mode=NEVER). This means the agent can execute code without any human oversight.
Another HIGH severity finding in examples/langgraph/langgraph_example.py involves dynamic code execution through eval(), exec(), or compile() within a LangChain tool. This poses a risk as it allows the execution of arbitrary code.
Lastly, a HIGH severity issue was detected in examples/openai_agents/agents_tools.py where an agent is configured with shell command or filesystem-touching tools without input guardrails. This setup can lead to unauthorized access or modifications if malicious input is provided.
Add Trustabl to your CI — trustabl/trustabl-action:
- name: Trustabl scan
uses: trustabl/trustabl-action@v1
https://trustabl.ai
We ran the Trustabl scanner on your repo AgentOps-AI/agentops and identified several security findings. In examples/ag2/tools_wikipedia_search.py, a HIGH severity issue was found where the AutoGen executor runs code with no human review (human_input_mode=NEVER). This means the agent can execute code without any human oversight.
Another HIGH severity finding in examples/langgraph/langgraph_example.py involves dynamic code execution through eval(), exec(), or compile() within a LangChain tool. This poses a risk as it allows the execution of arbitrary code.
Lastly, a HIGH severity issue was detected in examples/openai_agents/agents_tools.py where an agent is configured with shell command or filesystem-touching tools without input guardrails. This setup can lead to unauthorized access or modifications if malicious input is provided.
Add Trustabl to your CI — trustabl/trustabl-action:
https://trustabl.ai