nlweb-data-loading

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill describes an ingestion pipeline (db_load.py) that processes untrusted data from external sources such as RSS feeds, JSON-LD URLs, Sitemaps, and CSV files. This creates a potential surface for indirect prompt injection, where malicious instructions embedded in the ingested data could be retrieved and executed by an agent later.
  • Ingestion points: Data enters via the db_load.py script through URLs (RSS/JSON-LD/Sitemaps) or local files (CSV/URL lists).
  • Boundary markers: The instructions do not specify any delimiters or safety markers to isolate the ingested data from agent instructions.
  • Capability inventory: The skill allows the use of the Bash tool to run the ingestion scripts.
  • Sanitization: No mention of sanitization or validation of the content being loaded into the vector store.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch documentation and inspect source code from the nlweb-ai/NLWeb repository on GitHub. This is documented neutrally as a reference for technical implementation details.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:34 AM
Security Audit — agent-trust-hub — nlweb-data-loading