nlweb-chatgpt-appsdk
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its instructions to ingest content from external sources while possessing broad system capabilities.\n
- Ingestion points: Instructions specify fetching documentation from
github.com/nlweb-ai/NLWeband performing web searches for OpenAI's Apps SDK documentation.\n - Boundary markers: Absent. The skill does not provide instructions to the agent on how to isolate or ignore embedded instructions within the fetched data.\n
- Capability inventory: The skill allows access to
Bash,Write, andEdittools, which could be exploited if the agent follows malicious instructions hidden in external documentation.\n - Sanitization: No validation or sanitization procedures are mentioned for processing content retrieved from the web.\n- [EXTERNAL_DOWNLOADS]: Fetches technical documentation and integration guidelines from GitHub and OpenAI's official platforms to assist with the setup process.\n- [COMMAND_EXECUTION]: Provides standard instructions for project configuration, including Node.js dependency installation (
npm install), building components (npm run build), and executing Python/Node.js servers locally.
Audit Metadata