nlweb-schema-org-grounding
Warn
Audited by Snyk on Jun 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). SKILL.md instructs runtime ingestion via “URL-list ingest path extracts” Schema.org JSON-LD from fetched third-party web pages (e.g.,
<script type="application/ld+json">on arbitrary URLs), which becomes readableschema_objecttext/JSON in the agent’s LLM context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching live files that define per-type prompts and tool inheritance — https://github.com/nlweb-ai/NLWeb/blob/main/config/site_types.xml and https://github.com/nlweb-ai/NLWeb/blob/main/docs/nlweb-prompts.md — which are fetched at runtime and directly control the agent's prompts/instructions.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata