nlweb-prompts-customization
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches framework documentation (nlweb-prompts.md) and configuration files (prompts.xml, site_types.xml) from the nlweb-ai/NLWeb GitHub repository to guide the customization process.
- [PROMPT_INJECTION]: The skill ingests untrusted data from an external repository, creating a vulnerability surface for indirect prompt injection.
- Ingestion points: Fetches content from github.com/nlweb-ai/NLWeb using the WebFetch tool as directed in SKILL.md.
- Boundary markers: No delimiters or warnings are used to prevent the agent from obeying instructions that might be embedded in the external files.
- Capability inventory: The skill possesses wide-ranging capabilities including file manipulation (Read, Write, Edit, Glob), shell execution (Bash), and network operations (WebFetch, WebSearch), as defined in the allowed-tools of SKILL.md.
- Sanitization: There is no evidence of sanitization or validation of the external content before it is processed by the agent.
Audit Metadata