nlweb-retrieval-backends

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches architectural documentation and configuration schemas from the NLWeb GitHub repository to ensure the agent uses current configuration keys.
  • [COMMAND_EXECUTION]: Instructions guide the agent to use the Bash tool to run local Python modules (data_loading.db_load) for managing database content and index migrations.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests and processes untrusted data from an external repository to inform its file editing and command execution tasks.
  • Ingestion points: External files nlweb-retrieval.md and config_retrieval.yaml are fetched from github.com/nlweb-ai/NLWeb via WebFetch (SKILL.md lines 11-13).
  • Boundary markers: Absent; the agent is instructed to treat the fetched remote content as authoritative for identifying configuration keys and client signatures.
  • Capability inventory: The skill utilizes Bash for database operations and Write/Edit for modifying local configuration files.
  • Sanitization: No explicit validation or sanitization is performed on the content of the external files before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 01:39 PM
Security Audit — agent-trust-hub — nlweb-retrieval-backends