nlweb-mcp-server
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch protocol specifications and code references from the official NLWeb GitHub repository. This ensures the integration logic remains aligned with the latest server releases.
- [DATA_EXFILTRATION]: Provides examples for communicating with an MCP server via JSON-RPC 2.0 POST requests. These network operations are the intended primary function of the skill for tool invocation and do not involve harvesting sensitive local information.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of external natural-language data through the
asktool, which creates an inherent surface for indirect prompt injection. - Ingestion points: Responses from the
asktool via the MCP/mcpendpoint inSKILL.md. - Boundary markers: Not explicitly specified in the implementation guidance provided.
- Capability inventory: The skill's environment includes tools such as
Bash,Write, andWebFetchwhich could be targeted by instructions embedded in ingested data. - Sanitization: No specific sanitization or validation steps are outlined for the content returned by the NLWeb sites.
Audit Metadata