nlweb-tools-framework

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch documentation, configuration files (XML), and prompt templates from the NLWeb project's public GitHub repository (github.com/nlweb-ai/NLWeb). These resources are used for context and do not involve executable code downloads.
  • [COMMAND_EXECUTION]: Provides a curl command for developers to test custom tool routing on their local machine (localhost:8000). This is a standard practice for development and testing.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
  • Ingestion points: The framework's tool handlers (e.g., methods/your_tool.py) ingest and process user-provided query strings.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided implementation sketches.
  • Capability inventory: Handlers utilize context.retriever and context.ranker to interact with indexed data.
  • Sanitization: No specific input sanitization or validation logic is defined in the implementation guidance, as it focuses on framework architecture.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 11:07 PM
Security Audit — agent-trust-hub — nlweb-tools-framework