nlweb-llm-providers

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation advises fetching live configuration schemas and model lists from the project's official GitHub repository (github.com/nlweb-ai/NLWeb). This is a legitimate use of external resources for maintaining configuration parity.\n- [COMMAND_EXECUTION]: The instructions include usage of local CLI tools like ollama for pulling models and a Python module data_loading.db_load for site index management. These are standard administrative tasks for the described software.\n- [CREDENTIALS_UNSAFE]: References are made to environment variables for API keys (e.g., AZURE_OPENAI_API_KEY, HF_TOKEN). The skill correctly recommends the use of a .env file for local storage, which is a secure and standard practice.\n- [PROMPT_INJECTION]: The conceptual architecture describes a pipeline that processes user queries. The instructions specify that each call uses a strict JSON schema (<returnStruc>) which acts as a validation layer for LLM responses and helps mitigate potential injection risks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — nlweb-llm-providers