nlweb-chatgpt-appsdk

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its instructions to ingest content from external sources while possessing broad system capabilities.\n
  • Ingestion points: Instructions specify fetching documentation from github.com/nlweb-ai/NLWeb and performing web searches for OpenAI's Apps SDK documentation.\n
  • Boundary markers: Absent. The skill does not provide instructions to the agent on how to isolate or ignore embedded instructions within the fetched data.\n
  • Capability inventory: The skill allows access to Bash, Write, and Edit tools, which could be exploited if the agent follows malicious instructions hidden in external documentation.\n
  • Sanitization: No validation or sanitization procedures are mentioned for processing content retrieved from the web.\n- [EXTERNAL_DOWNLOADS]: Fetches technical documentation and integration guidelines from GitHub and OpenAI's official platforms to assist with the setup process.\n- [COMMAND_EXECUTION]: Provides standard instructions for project configuration, including Node.js dependency installation (npm install), building components (npm run build), and executing Python/Node.js servers locally.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 10:35 AM
Security Audit — agent-trust-hub — nlweb-chatgpt-appsdk