nlweb-mcp-server

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch protocol specifications and code references from the official NLWeb GitHub repository. This ensures the integration logic remains aligned with the latest server releases.
  • [DATA_EXFILTRATION]: Provides examples for communicating with an MCP server via JSON-RPC 2.0 POST requests. These network operations are the intended primary function of the skill for tool invocation and do not involve harvesting sensitive local information.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of external natural-language data through the ask tool, which creates an inherent surface for indirect prompt injection.
  • Ingestion points: Responses from the ask tool via the MCP /mcp endpoint in SKILL.md.
  • Boundary markers: Not explicitly specified in the implementation guidance provided.
  • Capability inventory: The skill's environment includes tools such as Bash, Write, and WebFetch which could be targeted by instructions embedded in ingested data.
  • Sanitization: No specific sanitization or validation steps are outlined for the content returned by the NLWeb sites.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — nlweb-mcp-server