nlweb-auth-multitenancy

Warn

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill directs the agent to inspect configuration files known to contain sensitive information.\n- Evidence: The instructions explicitly state to "Check config/config_oauth.yaml and config/config_storage.yaml for current keys." This may expose client secrets and API keys to the agent's context.\n- [EXTERNAL_DOWNLOADS]: The skill fetches external content to supplement its instructions.\n- Evidence: It uses WebFetch to retrieve documentation from https://github.com/nlweb-ai/NLWeb/blob/main/docs/setup-oauth.md and https://github.com/nlweb-ai/NLWeb/blob/main/docs/nlweb-memory.md.\n- [PROMPT_INJECTION]: The practice of fetching and processing external files creates a surface for indirect prompt injection.\n- Ingestion points: Markdown files from the nlweb-ai GitHub organization are fetched using the WebFetch tool.\n- Boundary markers: Absent. There are no instructions or markers to distinguish between legitimate documentation and potentially malicious instructions within the fetched content.\n- Capability inventory: The agent has powerful tools enabled, including Bash, Write, and Edit via the allowed-tools configuration, which could be abused if an injection occurs.\n- Sanitization: Absent. The skill does not describe any validation or sanitization steps for the retrieved external content.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — nlweb-auth-multitenancy