Add security notes to agent toolkits (#11989)

Add more security notes to agent toolkits.
2025-07-19 19:11:33 +00:00 · 2023-10-18 14:36:29 -04:00 · 2023-10-18 14:36:29 -04:00 · 3d81c76160
commit 3d81c76160
parent b81a4c1d94
6 changed files with 73 additions and 7 deletions
--- a/libs/langchain/langchain/agents/agent_toolkits/ainetwork/toolkit.py
+++ b/libs/langchain/langchain/agents/agent_toolkits/ainetwork/toolkit.py
@ -17,7 +17,14 @@ if TYPE_CHECKING:


 class AINetworkToolkit(BaseToolkit):
-    """Toolkit for interacting with AINetwork Blockchain."""
+    """Toolkit for interacting with AINetwork Blockchain.
+
+    *Security Note*: This toolkit contains tools that can read and modify
+        the state of a service; e.g., by reading, creating, updating, deleting
+        data associated with this service.
+
+        See https://python.langchain.com/docs/security for more information.
+    """

    network: Optional[Literal["mainnet", "testnet"]] = "testnet"
    interface: Optional[Ain] = None
--- a/libs/langchain/langchain/agents/agent_toolkits/amadeus/toolkit.py
+++ b/libs/langchain/langchain/agents/agent_toolkits/amadeus/toolkit.py
@ -14,7 +14,7 @@ if TYPE_CHECKING:


 class AmadeusToolkit(BaseToolkit):
-    """Toolkit for interacting with Office365."""
+    """Toolkit for interacting with Amadeus which offers APIs for travel search."""

    client: Client = Field(default_factory=authenticate)

--- a/libs/langchain/langchain/agents/agent_toolkits/multion/toolkit.py
+++ b/libs/langchain/langchain/agents/agent_toolkits/multion/toolkit.py
@ -10,7 +10,17 @@ from langchain.tools.multion.update_session import MultionUpdateSession


 class MultionToolkit(BaseToolkit):
-    """Toolkit for interacting with the Browser Agent"""
+    """Toolkit for interacting with the Browser Agent.
+
+    **Security Note**: This toolkit contains tools that interact with the
+        user's browser via the multion API which grants an agent
+        access to the user's browser.
+
+        Please review the documentation for the multion API to understand
+        the security implications of using this toolkit.
+
+        See https://python.langchain.com/docs/security for more information.
+    """

    class Config:
        """Pydantic config."""
--- a/libs/langchain/langchain/agents/agent_toolkits/office365/toolkit.py
+++ b/libs/langchain/langchain/agents/agent_toolkits/office365/toolkit.py
@ -17,7 +17,20 @@ if TYPE_CHECKING:


 class O365Toolkit(BaseToolkit):
-    """Toolkit for interacting with Office 365."""
+    """Toolkit for interacting with Office 365.
+
+    *Security Note*: This toolkit contains tools that can read and modify
+        the state of a service; e.g., by reading, creating, updating, deleting
+        data associated with this service.
+
+        For example, this toolkit can be used search through emails and events,
+        send messages and event invites, and create draft messages.
+
+        Please make sure that the permissions given by this toolkit
+        are appropriate for your use case.
+
+        See https://python.langchain.com/docs/security for more information.
+    """

    account: Account = Field(default_factory=authenticate)

--- a/libs/langchain/langchain/agents/agent_toolkits/openapi/base.py
+++ b/libs/langchain/langchain/agents/agent_toolkits/openapi/base.py
@ -30,7 +30,20 @@ def create_openapi_agent(
    agent_executor_kwargs: Optional[Dict[str, Any]] = None,
    **kwargs: Any,
 ) -> AgentExecutor:
-    """Construct an OpenAPI agent from an LLM and tools."""
+    """Construct an OpenAPI agent from an LLM and tools.
+
+    *Security Note*: When creating an OpenAPI agent, check the permissions
+        and capabilities of the underlying toolkit.
+
+        For example, if the default implementation of OpenAPIToolkit
+        uses the RequestsToolkit which contains tools to make arbitrary
+        network requests against any URL (e.g., GET, POST, PATCH, PUT, DELETE),
+
+        Control access to who can submit issue requests using this toolkit and
+        what network access it has.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
    tools = toolkit.get_tools()
    prompt = ZeroShotAgent.create_prompt(
        tools,
--- a/libs/langchain/langchain/agents/agent_toolkits/openapi/toolkit.py
+++ b/libs/langchain/langchain/agents/agent_toolkits/openapi/toolkit.py
@ -23,7 +23,22 @@ from langchain.utilities.requests import TextRequestsWrapper


 class RequestsToolkit(BaseToolkit):
-    """Toolkit for making REST requests."""
+    """Toolkit for making REST requests.
+
+    *Security Note*: This toolkit contains tools to make GET, POST, PATCH, PUT,
+        and DELETE requests to an API.
+
+        Exercise care in who is allowed to use this toolkit. If exposing
+        to end users, consider that users will be able to make arbitrary
+        requests on behalf of the server hosting the code. For example,
+        users could ask the server to make a request to a private API
+        that is only accessible from the server.
+
+        Control access to who can submit issue requests using this toolkit and
+        what network access it has.
+
+        See https://python.langchain.com/docs/security for more information.
+    """

    requests_wrapper: TextRequestsWrapper

@ -39,7 +54,15 @@ class RequestsToolkit(BaseToolkit):


 class OpenAPIToolkit(BaseToolkit):
-    """Toolkit for interacting with an OpenAPI API."""
+    """Toolkit for interacting with an OpenAPI API.
+
+    *Security Note*: This toolkit contains tools that can read and modify
+        the state of a service; e.g., by creating, deleting, or updating,
+        reading underlying data.
+
+        For example, this toolkit can be used to delete data exposed via
+        an OpenAPI compliant API.
+    """

    json_agent: AgentExecutor
    requests_wrapper: TextRequestsWrapper