nlweb-tools-framework
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch documentation, configuration files (XML), and prompt templates from the NLWeb project's public GitHub repository (
github.com/nlweb-ai/NLWeb). These resources are used for context and do not involve executable code downloads. - [COMMAND_EXECUTION]: Provides a
curlcommand for developers to test custom tool routing on their local machine (localhost:8000). This is a standard practice for development and testing. - [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
- Ingestion points: The framework's tool handlers (e.g.,
methods/your_tool.py) ingest and process user-providedquerystrings. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided implementation sketches.
- Capability inventory: Handlers utilize
context.retrieverandcontext.rankerto interact with indexed data. - Sanitization: No specific input sanitization or validation logic is defined in the implementation guidance, as it focuses on framework architecture.
Audit Metadata