ley-ar
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill performs network requests to non-whitelisted official domains including saij.gob.ar, scba.gov.ar, csjn.gov.ar, and juscaba.gob.ar. These connections are necessary for the skill's primary function of legal research.\n- [Indirect Prompt Injection] (LOW): The skill possesses a vulnerability surface for indirect prompt injection by ingesting and displaying data from external search results.\n
- Ingestion points: Untrusted text is retrieved from legal databases in csjn.py, juba.py, juscaba.py, and saij.py.\n
- Boundary markers: The CLI output (formatted via formatters.py) provides results in tables or JSON but does not include explicit boundary markers or instructions to isolate the external content from the agent's context.\n
- Capability inventory: The skill is capable of network requests to specific domains; it does not exhibit file system write access or arbitrary command execution capabilities.\n
- Sanitization: Basic sanitization is present in the form of HTML tag stripping in csjn.py (_strip) and juba.py (_clean_html), which helps reduce some injection surface.
Audit Metadata