LangChain / LangGraph policy index
15 rules — 11 tool · 3 agent · 1 repo
Risk score = severity_weight × confidence × 100 (engine formula; weights: low=0.15, medium=0.40, high=0.70). Higher = worse.
| # | Id | SDK/ADK | Scope | Applies To | Policy | Severity | Confidence | Risk | Source |
|---|---|---|---|---|---|---|---|---|---|
| 1 | LC-001 | LangChain | tool | langchain_tool | LangChain tool has no description | low | 0.80 | 12.0 | tool_definition.yaml |
| 2 | LC-002 | LangChain | tool | langchain_tool | LangChain tool parameters are not type-annotated | medium | 0.85 | 34.0 | tool_definition.yaml |
| 3 | LC-003 | LangChain | tool | langchain_tool | LangChain tool body spawns a subprocess | high | 0.85 | 59.5 | shell_safety.yaml |
| 4 | LC-004 | LangChain | tool | langchain_tool | LangChain tool body evaluates dynamic code | high | 0.85 | 59.5 | code_execution.yaml |
| 5 | LC-005 | LangChain | tool | langchain_tool | LangChain tool fetches a caller-controlled URL (SSRF) | high | 0.80 | 56.0 | ssrf.yaml |
| 6 | LC-006 | LangChain | tool | langchain_tool | LangChain tool returns its output directly, bypassing the model | medium | 0.80 | 32.0 | tool_behavior.yaml |
| 7 | LC-010 | LangChain | tool | langchain_tool | TypeScript LangChain tool has no description | low | 0.80 | 12.0 | tool_definition.yaml |
| 8 | LC-011 | LangChain | tool | langchain_tool | TypeScript LangChain tool body spawns a subprocess | high | 0.85 | 59.5 | shell_safety.yaml |
| 9 | LC-012 | LangChain | tool | langchain_tool | TypeScript LangChain tool evaluates dynamic code | high | 0.85 | 59.5 | code_execution.yaml |
| 10 | LC-013 | LangChain | tool | langchain_tool | TypeScript LangChain tool fetches a caller-controlled URL (SSRF) | high | 0.80 | 56.0 | ssrf.yaml |
| 11 | LC-014 | LangChain | tool | langchain_tool | TypeScript LangChain tool returns its output directly, bypassing the model | medium | 0.80 | 32.0 | tool_behavior.yaml |
| 12 | LC-101 | LangChain | agent | langchain_agent, langchain_agent_executor | LangChain agent wires a code-execution or shell built-in tool | high | 0.85 | 59.5 | agent_safety.yaml |
| 13 | LC-102 | LangChain | agent | langchain_agent_executor | LangChain AgentExecutor has no explicit max_iterations limit | low | 0.60 | 9.0 | agent_safety.yaml |
| 14 | LC-111 | LangChain | agent | langchain_agent_executor | TypeScript LangChain AgentExecutor has no explicit maxIterations limit | low | 0.60 | 9.0 | agent_safety.yaml |
| 15 | LC-201 | LangChain | repo | langchain | LangChain project ships no agent-guidance doc (AGENTS.md/CLAUDE.md) | low | 0.90 | 13.5 | repo_hygiene.yaml |