GPT LangChain experimental agent - allow dangerous code

题意：GPT LangChain 实验性代理 - 允许危险代码

问题背景：

I'm creating a chatbot in VS Code where it will receive csv file through a prompt on Streamlit interface. However from the moment that file is loaded, it is showing a message with the following content:

我正在VS Code中创建一个聊天机器人，它将通过Streamlit界面上的一个提示接收csv文件。但是，从文件加载的那一刻起，它就显示了一条包含以下内容的消息：

ValueError: This agent relies on access to a python repl tool which can execute arbitrary code. This can be dangerous and requires a specially sandboxed environment to be safely used. Please read the security notice in the doc-string of this function. You must opt-in to use this functionality by setting allow_dangerous_code=True.For general security guidelines, please see: Security | 🦜️🔗 LangChain

ValueError：此代理依赖于访问一个可以执行任意代码的Python REPL工具。这可能存在危险，并且需要一个特别的安全沙箱环境来安全使用。请阅读此函数文档字符串中的安全通知。您必须通过设置allow_dangerous_code=True来明确选择使用此功能。对于一般的安全指南，查看相关文档

Traceback  堆栈信息

File "c:\Users\  \langchain-ask-csv\.venv\Lib\site-packages\streamlit\runtime\scriptrunner\script_runner.py", line 589, in _run_scriptexec(code, module.__dict__)
File "C:\Users\ \langchain-ask-csv\main.py", line 46, in <module>main()
File "C:\Users\  \langchain-ask-csv\main.py", line 35, in mainagent = create_csv_agent( OpenAI(), csv_file, verbose=True)^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "c:\Users\
\langchain-ask-csv\.venv\Lib\site-packages\langchain_experimental\agents\agent_toolkits\csv\base.py", line 66, in create_csv_agentreturn create_pandas_dataframe_agent(llm, df, **kwargs)^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "c:\Users\ T\langchain-ask-csv\.venv\Lib\site-packages\langchain_experimental\agents\agent_toolkits\pandas\base.py", line 248, in create_pandas_dataframe_agentraise ValueError(

Here's part of the code where I'm passing the file:

这是我传递文件的部分代码：

def main():load_dotenv()# Load the OpenAI API key from the environment variableif os.getenv("OPENAI_API_KEY") is None or os.getenv("OPENAI_API_KEY") == "":print("OPENAI_API_KEY is not set")exit(1)else:print("OPENAI_API_KEY is set")st.set_page_config(page_title="Ask your CSV")st.header("Ask your CSV 📈")csv_file = st.file_uploader("Upload a CSV file", type="csv")if csv_file is not None:agent = create_csv_agent( OpenAI(), csv_file, verbose=True)user_question = st.text_input("Ask a question about your CSV: ")if user_question is not None and user_question != "":with st.spinner(text="In progress..."):st.write(agent.run(user_question))if __name__ == "__main__":main()

I checked the link given as suggestion and also tried to search on similar reports but haven't had success.

我检查了给出的建议链接，也尝试搜索了类似的报告，但都没有成功。

What might be wrong and how to fix it?

可能出了什么问题，以及如何解决它？

问题解决：

The referenced security notice is in    相关的安全通知在这里      langchain_experimental.agents.agent_toolkits.pandas.base.create_pandas_dataframe_agent — 🦜🔗 LangChain 0.2.8.

Just do what the message tells you. Do a security analysis, create a sandbox environment for your thing to run in, and then add allow_dangerous_code=True to the arguments you pass to create_csv_agent, which just forwards the argument to create_pandas_dataframe_agent and run it in the sandbox.

按照消息告诉你的去做。进行安全分析，为你的东西创建一个沙盒环境来运行，然后在传递给create_csv_agent的参数中添加allow_dangerous_code=True，这个参数会被传递到create_pandas_dataframe_agent中，并在沙盒环境中运行它。