-
Notifications
You must be signed in to change notification settings - Fork 903
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security issue #248
Comments
Hi @lchenneberg - thanks so much for writing in. I want to make sure I understand the concern you're bringing up. Is the following a correct characterization?
Is that correct? Assuming that's the concern, reply below. But I'd also love to jump on a quick call with you to make sure I understand the concern correctly, and also to hear what you're building! If any time here works, please feel free to book.
If you're interested, we'd love to include you in the design, or the review phases of this feature. Sounds like you have great security mindset. Let me know. Separately: if you want to share/tell us what you are building with LangGraph we are highly interested what our users are building! Again, happy to jump on a call, or you can also share on the showcase channel on our discord. |
I've spent 2 days digging the code. I really like the project. You really did a good job and the implementation with langgraph is a pain killer.
There is a potential serious security issue. You may not delegate the responsibility to the client to create tools.
I thing the right way to go is to delegate the responsibility to declare the tooling to the server and refer to it frontend side by an identifier. I guess at this stage, it is not a lot of code to change.
you need to rethink, useCopilotAction (useMakeCopilotActionable is already deprecated and may be deleted asap)
The issue with the current approach is that you enable GOD mode to an attacker. I would be able to modify the prompt client side and touch the endpoint. As we don't know how the backend will be implemented, maybe langchain or langgraph agents with access to databases or apis. I would be able to collect information that i'm not supposed to.
By the way the project is nice, thank you for the hard work.
The text was updated successfully, but these errors were encountered: