This repository was archived by the owner on Mar 18, 2026. It is now read-only.

Warning: Beware of the risks of running SQL queries from frontend in public-facing apps, especially with LLMs #56

@drivian

Beware of the risks of running SQL queries directly from the client side in public-facing applications, especially with LLMs, due to SQL & prompt injection risks. The SQL Tool in the tool library is not recommended to be used in public-facing applications due to these risks. PR 55 introduces more filters for malignant SQL queries / script injections, but does not guarantee protection against all attacks, as there are inherent risks in executing unparametrized SQL queries.

See LangChain's note on a similar topic (link):
"Building Q&A systems of SQL databases requires executing model-generated SQL queries. There are inherent risks in doing this. Make sure that your database connection permissions are always scoped as narrowly as possible for your chain/agent's needs. This will mitigate though not eliminate the risks of building a model-driven system. For more on general security best practices, see here
