nlweb-setup

Warn

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill clones a software repository from an external source (github.com/nlweb-ai/NLWeb) and fetches multiple documentation files using WebFetch.
  • [REMOTE_CODE_EXECUTION]: The instructions direct the agent to execute setup tools and initialization scripts bundled within the cloned repository, such as nlweb init-python and nlweb init.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform environment configuration, including creating virtual environments and installing Python packages from a requirements file (pip install -r requirements.txt).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it requires the agent to fetch and process live documentation and release notes from a remote repository to determine configuration parameters and environment variables.
  • Ingestion points: SKILL.md (WebFetch of README.md, release notes, and CLI documentation from github.com/nlweb-ai/NLWeb).
  • Boundary markers: Absent; no delimiters are used to separate remote content from instructions.
  • Capability inventory: SKILL.md (Bash tool for cloning, package installation, and execution of the nlweb CLI; Write tool for creating .env and YAML config files).
  • Sanitization: Absent; the agent is not instructed to validate or sanitize content retrieved from the remote repository before acting on it.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — nlweb-setup