review-contract
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection Surface: The skill processes contract documents from external sources, which is a common surface for indirect prompt injection. While a document could theoretically contain instructions to bias the review, the skill is designed for professional use where such documents are reviewed by legal experts. Evidence includes: (1) Ingestion points: Contract documents or URLs. (2) Boundary markers: Not specified in the prompt. (3) Capability inventory: File reads (legal.local.md) and network fetch. (4) Sanitization: Relies on the AI's core safety guidelines.
- External Data Retrieval: The skill is capable of fetching contract content from user-provided URLs. This is a primary feature intended to support integration with document management systems and is a standard network operation for this use case.
- Configuration File Access: The skill attempts to read a local configuration file ('legal.local.md') to load the negotiation playbook. This is a functional requirement for personalizing the review logic and does not involve access to restricted system files.
Audit Metadata