nlweb-chatgpt-appsdk
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill instructions require the agent to fetch documentation from external GitHub repositories and perform web searches for OpenAI SDK documentation. This establishes an ingestion surface for indirect prompt injection, where malicious instructions embedded in the external content could potentially influence the agent's behavior.
- Ingestion points: WebFetch of documentation from
github.com/nlweb-ai/NLWeband general WebSearch for OpenAI Apps SDK documentation (SKILL.md). - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present when processing this external data.
- Capability inventory: The skill utilizes
Bashfor server management andWrite/Editfor file modifications. - Sanitization: No sanitization or validation steps are defined for the fetched external content before it is processed by the agent.
- [COMMAND_EXECUTION]: The implementation guidance provides shell commands for environment setup and execution of the integration components.
- Evidence: Commands to install Node.js dependencies and start the MCP server:
npm install,npm run build, andnpm startwithin theopenai-apps-sdk-integration/nlweb_server_nodedirectory. - Evidence: Commands to execute Python-based servers:
python AskAgent/python/app-aiohttp.pyandpython AskAgent/python/webserver/appsdk_adapter_server.py. - [EXTERNAL_DOWNLOADS]: The skill fetches documentation and configuration details from external GitHub repositories to guide the integration process.
- Evidence: Instructions to fetch canonical wiring steps and adapter documentation from the
nlweb-aiGitHub organization's repository.
Audit Metadata