nlweb-chatgpt-appsdk

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions require the agent to fetch documentation from external GitHub repositories and perform web searches for OpenAI SDK documentation. This establishes an ingestion surface for indirect prompt injection, where malicious instructions embedded in the external content could potentially influence the agent's behavior.
  • Ingestion points: WebFetch of documentation from github.com/nlweb-ai/NLWeb and general WebSearch for OpenAI Apps SDK documentation (SKILL.md).
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present when processing this external data.
  • Capability inventory: The skill utilizes Bash for server management and Write/Edit for file modifications.
  • Sanitization: No sanitization or validation steps are defined for the fetched external content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The implementation guidance provides shell commands for environment setup and execution of the integration components.
  • Evidence: Commands to install Node.js dependencies and start the MCP server: npm install, npm run build, and npm start within the openai-apps-sdk-integration/nlweb_server_node directory.
  • Evidence: Commands to execute Python-based servers: python AskAgent/python/app-aiohttp.py and python AskAgent/python/webserver/appsdk_adapter_server.py.
  • [EXTERNAL_DOWNLOADS]: The skill fetches documentation and configuration details from external GitHub repositories to guide the integration process.
  • Evidence: Instructions to fetch canonical wiring steps and adapter documentation from the nlweb-ai GitHub organization's repository.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:50 PM
Security Audit — agent-trust-hub — nlweb-chatgpt-appsdk