nlweb-setup
Warn
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill clones a software repository from an external source (
github.com/nlweb-ai/NLWeb) and fetches multiple documentation files using WebFetch. - [REMOTE_CODE_EXECUTION]: The instructions direct the agent to execute setup tools and initialization scripts bundled within the cloned repository, such as
nlweb init-pythonandnlweb init. - [COMMAND_EXECUTION]: The skill uses the Bash tool to perform environment configuration, including creating virtual environments and installing Python packages from a requirements file (
pip install -r requirements.txt). - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it requires the agent to fetch and process live documentation and release notes from a remote repository to determine configuration parameters and environment variables.
- Ingestion points:
SKILL.md(WebFetch of README.md, release notes, and CLI documentation fromgithub.com/nlweb-ai/NLWeb). - Boundary markers: Absent; no delimiters are used to separate remote content from instructions.
- Capability inventory:
SKILL.md(Bash tool for cloning, package installation, and execution of thenlwebCLI; Write tool for creating.envand YAML config files). - Sanitization: Absent; the agent is not instructed to validate or sanitize content retrieved from the remote repository before acting on it.
Audit Metadata