legal-risk-assessment
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection through external risk data processing.\n
- Ingestion points: Both
scripts/risk_scorer.pyandscripts/risk_report_generator.pyingest untrusted data from JSON files provided via the--inputflag.\n - Boundary markers: No boundary markers, delimiters, or "ignore embedded instructions" warnings are used when the scripts interpolate descriptions into generated markdown reports or terminal output.\n
- Capability inventory: The
scripts/risk_report_generator.pyscript has file-write capabilities (--output), and both scripts produce output that is returned to the agent's context, creating a channel for processed instructions to influence downstream behavior.\n - Sanitization: No sanitization, escaping, or validation of the input strings is performed before they are embedded into the output templates.
Audit Metadata