nlweb-retrieval-backends
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches architectural documentation and configuration schemas from the NLWeb GitHub repository to ensure the agent uses current configuration keys.
- [COMMAND_EXECUTION]: Instructions guide the agent to use the Bash tool to run local Python modules (
data_loading.db_load) for managing database content and index migrations. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests and processes untrusted data from an external repository to inform its file editing and command execution tasks.
- Ingestion points: External files
nlweb-retrieval.mdandconfig_retrieval.yamlare fetched fromgithub.com/nlweb-ai/NLWebviaWebFetch(SKILL.md lines 11-13). - Boundary markers: Absent; the agent is instructed to treat the fetched remote content as authoritative for identifying configuration keys and client signatures.
- Capability inventory: The skill utilizes
Bashfor database operations andWrite/Editfor modifying local configuration files. - Sanitization: No explicit validation or sanitization is performed on the content of the external files before processing.
Audit Metadata