nlweb-data-loading
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch canonical documentation and inspect script implementations from an external GitHub repository (
github.com/nlweb-ai/NLWeb). This is used to verify CLI flags and mapping logic before execution. - [COMMAND_EXECUTION]: The skill uses the
Bashtool to run the local Python moduledata_loading.db_load. These commands handle data ingestion, site partitioning, and database cleanup operations. - [PROMPT_INJECTION]: The skill establishes a pipeline for ingesting untrusted third-party data (RSS/Atom feeds, Schema.org JSON-LD, and CSVs) which presents an indirect injection surface.
- Ingestion points: External URLs provided via command line or URL list files (
--url-list). - Boundary markers: None mentioned in the skill instructions; the agent is not instructed to use specific delimiters when processing this data.
- Capability inventory:
Bash(command execution),WebFetch(data retrieval),Read/Write(configuration and database access). - Sanitization: No explicit sanitization or validation steps are outlined in the skill instructions, relying on the internal logic of the
db_load.pyscript.
Audit Metadata