nlweb-auth-multitenancy
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected. The skill directs the agent to fetch and process content from external URLs, which could contain instructions designed to subvert agent behavior.
- Ingestion points: Documentation files at
https://github.com/nlweb-ai/NLWeb/blob/main/docs/setup-oauth.mdandhttps://github.com/nlweb-ai/NLWeb/blob/main/docs/nlweb-memory.md(SKILL.md). - Boundary markers: Absent. No delimiters or instructions are provided to the agent to distinguish between documentation and potential malicious instructions within those files.
- Capability inventory: The skill allows the use of
Bash,Write, andEdittools, which provide significant control over the local environment and codebase (SKILL.md). - Sanitization: Absent. There is no instruction to validate or sanitize the content retrieved from the external source.
- [EXTERNAL_DOWNLOADS]: Fetches documentation and implementation details from a public GitHub repository using the
WebFetchtool. - [COMMAND_EXECUTION]: Uses the
Bashtool to inspect local source code and configuration files, such asconfig/config_oauth.yamlandconfig/config_storage.yaml, to identify current authentication flows and storage keys.
Audit Metadata