nlweb-data-loading
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill describes an ingestion pipeline (db_load.py) that processes untrusted data from external sources such as RSS feeds, JSON-LD URLs, Sitemaps, and CSV files. This creates a potential surface for indirect prompt injection, where malicious instructions embedded in the ingested data could be retrieved and executed by an agent later.
- Ingestion points: Data enters via the
db_load.pyscript through URLs (RSS/JSON-LD/Sitemaps) or local files (CSV/URL lists). - Boundary markers: The instructions do not specify any delimiters or safety markers to isolate the ingested data from agent instructions.
- Capability inventory: The skill allows the use of the
Bashtool to run the ingestion scripts. - Sanitization: No mention of sanitization or validation of the content being loaded into the vector store.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch documentation and inspect source code from the
nlweb-ai/NLWebrepository on GitHub. This is documented neutrally as a reference for technical implementation details.
Audit Metadata