In [1]:

from langchain_openai import ChatOpenAI
from langchain.agents import initialize_agent, AgentType
from langchain_community.tools import (
    WikipediaQueryRun,
    DuckDuckGoSearchRun,    
)
from langchain_community.utilities import WikipediaAPIWrapper
from langchain_community.document_loaders import WebBaseLoader
from langchain.tools import BaseTool
from pydantic import BaseModel, Field
from typing import Type

llm = ChatOpenAI(
    model="gpt-4.1-nano", 
    temperature=0.1
)

wiki_tool = WikipediaQueryRun(
    api_wrapper=WikipediaAPIWrapper()
)

ddg_results_tool = DuckDuckGoSearchRun()

class WebsiteLoaderArgs(BaseModel):
    url: str = Field(description="풀 URL of the webpage to scrape")

class WebsiteContentLoaderTool(BaseTool):
    name: str = "WebsiteContentLoader"
    description: str = (
        "Fetches and returns raw textual content from a given webpage URL "
        "using LangChain WebBaseLoader."
    )
    args_schema: Type[WebsiteLoaderArgs] = WebsiteLoaderArgs

    def _run(self, url: str):
        loader = WebBaseLoader(url)
        docs = loader.load() 
        content = "\n\n".join(doc.page_content for doc in docs)
        # 빈 줄 정리
        lines = content.split('\n')
        cleaned_lines = [line.strip() for line in lines if line.strip()]
        return '\n'.join(cleaned_lines)

website_tool = WebsiteContentLoaderTool()

class SaveToFileArgs(BaseModel):
    content: str = Field(description="저장할 텍스트 내용")

class SaveToFileTool(BaseTool):
    name: str = "SaveToFile"
    description: str = "텍스트를 result.txt 파일로 저장합니다"
    args_schema: Type[SaveToFileArgs] = SaveToFileArgs

    def _run(self, content: str):
        with open("result.txt", "w", encoding="utf-8") as f:
            f.write(content)
        return "파일 저장 완료: result.txt"

save_to_file_tool = SaveToFileTool()

tools = [
    wiki_tool, 
    ddg_results_tool, 
    website_tool, 
    save_to_file_tool
]

system_prompt = (
    "You are an investigative research assistant. "
    "First try Wikipedia for concise factual context. "
    "Search the duckduckgo for more information for useful links. "
    "Then extract page text from promising links. "
    "Save results to result.txt file. "
)

agent = initialize_agent(
    llm=llm,
    tools=tools,
    agent=AgentType.OPENAI_FUNCTIONS,
    verbose=True,
    handle_parsing_errors=True,
    agent_kwargs={"system_message": system_prompt},
)

agent.invoke("Research about the XZ backdoor")


USER_AGENT environment variable not set, consider setting it to identify your requests.
  agent = initialize_agent(




[1m> Entering new AgentExecutor chain...[0m
[32;1m[1;3m
Invoking: `wikipedia` with `{'query': 'XZ backdoor'}`


[0m[36;1m[1;3mPage: XZ Utils backdoor
Summary: In February 2024, a malicious backdoor was introduced to the Linux build of the xz utility within the liblzma library in versions 5.6.0 and 5.6.1 by an account using the name "Jia Tan". The backdoor gives an attacker who possesses a specific Ed448 private key remote code execution through OpenSSH on the affected Linux system. The issue has been given the Common Vulnerabilities and Exposures number CVE-2024-3094 and has been assigned a CVSS score of 10.0, the highest possible score.
While xz is commonly present in most Linux distributions, at the time of discovery the backdoored version had not yet been widely deployed to production systems, but was present in development versions of major distributions. The backdoor was discovered by the software developer Andres Freund, who announced his findings on 29 March 2024.

Page

  with DDGS() as ddgs:


[33;1m[1;3mMay 26, 2025 · 2024년 3월 29일, 마이크로소프트 의 PostgreSQL 개발자 안드레스 프런드 (Andres Freund)가 리눅스 liblzma 라이브러리 내 xz 버전 5.6.0, 5.6.1에 백도어 가 심어져 있음을 발견하여 화제 가 된 보안 취약점 사건. … May 24, 2025 · According to CISA, a vulnerability in XZ could allow an attacker to gain remote access to such systems. It truly was a key to the digital infrastructure of entire countries—and … Jun 6, 2025 · CVE-2024-3094 is a critical vulnerability discovered in the open-source library XZ Utils, caused by malicious code introduced by one of its maintainers. Initially reported as an SSH … May 28, 2025 · In early 2024, security researchers made a startling discovery: a sophisticated backdoor hidden in XZ Utils, a widely used data compression library at the heart of countless … Jan 7, 2025 · The recent discovery of the XZ backdoor (CVE-2024-3094) highlights the dangers of supply chain attacks. This blog post breaks down the vulnerability, its impact, and how Spectrum …[0m[32;1m[1;3m
Invoking: `WebsiteContentLoader` 

{'input': 'Research about the XZ backdoor',
 'output': 'I have completed the research and saved the information about the XZ backdoor to the result.txt file. If you need further assistance, please let me know.'}