nlweb-auth-multitenancy

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected. The skill directs the agent to fetch and process content from external URLs, which could contain instructions designed to subvert agent behavior.
  • Ingestion points: Documentation files at https://github.com/nlweb-ai/NLWeb/blob/main/docs/setup-oauth.md and https://github.com/nlweb-ai/NLWeb/blob/main/docs/nlweb-memory.md (SKILL.md).
  • Boundary markers: Absent. No delimiters or instructions are provided to the agent to distinguish between documentation and potential malicious instructions within those files.
  • Capability inventory: The skill allows the use of Bash, Write, and Edit tools, which provide significant control over the local environment and codebase (SKILL.md).
  • Sanitization: Absent. There is no instruction to validate or sanitize the content retrieved from the external source.
  • [EXTERNAL_DOWNLOADS]: Fetches documentation and implementation details from a public GitHub repository using the WebFetch tool.
  • [COMMAND_EXECUTION]: Uses the Bash tool to inspect local source code and configuration files, such as config/config_oauth.yaml and config/config_storage.yaml, to identify current authentication flows and storage keys.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:34 AM
Security Audit — agent-trust-hub — nlweb-auth-multitenancy