nlweb-auth-multitenancy
Warn
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill directs the agent to inspect configuration files known to contain sensitive information.\n- Evidence: The instructions explicitly state to "Check
config/config_oauth.yamlandconfig/config_storage.yamlfor current keys." This may expose client secrets and API keys to the agent's context.\n- [EXTERNAL_DOWNLOADS]: The skill fetches external content to supplement its instructions.\n- Evidence: It usesWebFetchto retrieve documentation fromhttps://github.com/nlweb-ai/NLWeb/blob/main/docs/setup-oauth.mdandhttps://github.com/nlweb-ai/NLWeb/blob/main/docs/nlweb-memory.md.\n- [PROMPT_INJECTION]: The practice of fetching and processing external files creates a surface for indirect prompt injection.\n- Ingestion points: Markdown files from thenlweb-aiGitHub organization are fetched using theWebFetchtool.\n- Boundary markers: Absent. There are no instructions or markers to distinguish between legitimate documentation and potentially malicious instructions within the fetched content.\n- Capability inventory: The agent has powerful tools enabled, includingBash,Write, andEditvia the allowed-tools configuration, which could be abused if an injection occurs.\n- Sanitization: Absent. The skill does not describe any validation or sanitization steps for the retrieved external content.
Audit Metadata