nlweb-llm-providers
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation advises fetching live configuration schemas and model lists from the project's official GitHub repository (github.com/nlweb-ai/NLWeb). This is a legitimate use of external resources for maintaining configuration parity.\n- [COMMAND_EXECUTION]: The instructions include usage of local CLI tools like
ollamafor pulling models and a Python moduledata_loading.db_loadfor site index management. These are standard administrative tasks for the described software.\n- [CREDENTIALS_UNSAFE]: References are made to environment variables for API keys (e.g.,AZURE_OPENAI_API_KEY,HF_TOKEN). The skill correctly recommends the use of a.envfile for local storage, which is a secure and standard practice.\n- [PROMPT_INJECTION]: The conceptual architecture describes a pipeline that processes user queries. The instructions specify that each call uses a strict JSON schema (<returnStruc>) which acts as a validation layer for LLM responses and helps mitigate potential injection risks.
Audit Metadata