nlweb-prompts-customization

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches framework documentation (nlweb-prompts.md) and configuration files (prompts.xml, site_types.xml) from the nlweb-ai/NLWeb GitHub repository to guide the customization process.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from an external repository, creating a vulnerability surface for indirect prompt injection.
  • Ingestion points: Fetches content from github.com/nlweb-ai/NLWeb using the WebFetch tool as directed in SKILL.md.
  • Boundary markers: No delimiters or warnings are used to prevent the agent from obeying instructions that might be embedded in the external files.
  • Capability inventory: The skill possesses wide-ranging capabilities including file manipulation (Read, Write, Edit, Glob), shell execution (Bash), and network operations (WebFetch, WebSearch), as defined in the allowed-tools of SKILL.md.
  • Sanitization: There is no evidence of sanitization or validation of the external content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — nlweb-prompts-customization