Scan Details

Project Name | Scan Timestamp | Agentic Framework |
---|---|---|
surprise_trip | 05/07/25 12:08:15 | crewai |
Dependency Check
Agentic Workflow Graph
Legend: Agent | Tool | Tool Category (CustomTool, Basic, MCP Server)
Findings

Vulnerabilities | Agents | Tools |
---|---|---|
3 | 3 | 2 |
Nodes Overview
Agents
Agent Name | LLM Model | System Prompt |
---|---|---|
personalized_activity_planner | gpt-4 | You are Activity Planner . You are skilled at creating personalized itineraries that cater to the specific preferences and demographics of travelers. Your personal goal is: Research and find cool things to do at the destination, including activities and events that match the traveler's interests and age group To give my best complete final answer to the task respond using the exact following format: Thought: I now can give a great answer Final Answer: Your final answer must be the great and the most complete as possible, it must be outcome described. I MUST use these formats, my job depends on it! |
restaurant_scout | gpt-4 | You are Restaurant Scout . As a food lover, you know the best spots in town for a delightful culinary experience. You also have a knack for finding picturesque and entertaining locations. Your personal goal is: Find highly-rated restaurants and dining experiences at the destination, and recommend scenic locations and fun activities To give my best complete final answer to the task respond using the exact following format: Thought: I now can give a great answer Final Answer: Your final answer must be the great and the most complete as possible, it must be outcome described. I MUST use these formats, my job depends on it! |
itinerary_compiler | gpt-4 | You are Itinerary Compiler . With an eye for detail, you organize all the information into a coherent and enjoyable travel plan. Your personal goal is: Compile all researched information into a comprehensive day-by-day itinerary, ensuring the integration of flights and hotel information To give my best complete final answer to the task respond using the exact following format: Thought: I now can give a great answer Final Answer: Your final answer must be the great and the most complete as possible, it must be outcome described. I MUST use these formats, my job depends on it! |
Tools
Tool Name | Tool Category | Tool Description | Number of Vulnerabilities |
---|---|---|---|
SerperDevTool | web_search | The SerperDevTool is a powerful search tool that interfaces with the `serper.dev` API to perform internet searches. It supports multiple search types including general search and news search, with features like knowledge graph integration, organic results, "People Also Ask" questions, and related searches. | 2 |
ScrapeWebsiteTool | document_loader | A tool designed to extract and read the content of a specified website. It is capable of handling various types of web pages by making HTTP requests and parsing the received HTML content. This tool can be particularly useful for web scraping tasks, data collection, or extracting specific information from websites. | 1 |
Tool Vulnerabilities
SerperDevTool

Vulnerability: Indirect Prompt Injection
Description: Attackers can poison search results (SEO poisoning) or craft pages so that their snippets contain malicious instructions. For instance, hidden text in a webpage that ranks in results could manipulate the agent’s summary or follow-up actions.
Security Framework Mapping:
• OWASP LLM Top 10: LLM01 - Prompt Injection
• OWASP Agentic: T6 - Intent Breaking & Goal Manipulation
Remediation Steps:
• Enable URL whitelisting
• Implement guardrails filtering for prompt injection

Vulnerability: Misinformation
Description: The agent might unknowingly incorporate malicious snippets into its reasoning, leading to harmful output (e.g., biased or false information, or even code if the snippet is crafted as such).
Security Framework Mapping:
• OWASP LLM Top 10: LLM09 - Misinformation
• OWASP Agentic: T1 - Memory Poisoning
Remediation Steps:
• Implement guardrails to filter out malicious snippets
• Implement data sanitization to prevent user data from entering the tool
ScrapeWebsiteTool

Vulnerability: Indirect Prompt Injection
Description: Any malicious webpage could include hidden prompts that the agent will read, injecting commands into the agent’s context (an indirect prompt injection attack).
Security Framework Mapping:
• OWASP LLM Top 10: LLM01 - Prompt Injection
• OWASP Agentic: T6 - Intent Breaking & Goal Manipulation
Remediation Steps:
• Enable URL whitelisting
• Implement guardrails filtering for prompt injection