contract-copilot

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE_&_EXFILTRATION]: No sensitive data access or network communication was detected. The scripts operate entirely on local files provided by the user and maintain a local archive and configuration directory.
  • [UNVERIFIABLE_DEPENDENCIES_&_REMOTE_CODE_EXECUTION]: The skill requires standard Python packages ('defusedxml' and 'lxml') for document processing. No remote code execution or suspicious runtime downloads were found. A PowerShell wrapper is included for Windows path compatibility, but it only invokes the local Python interpreter.
  • [OBFUSCATION]: All instructions and code are written in plain text (Chinese/English/Python/PowerShell) without any attempts at obfuscation or character hiding.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user data (contracts), which is a common surface for indirect prompt injection. However, the impact is mitigated as the associated scripts have no network access and use secure XML parsing libraries ('defusedxml').
      • Ingestion points: The 'apply_review_plan.py' script accepts a user-provided DOCX file as input.
      • Boundary markers: The skill uses a structured 'review-plan.json' and a multi-layered analysis framework in 'SKILL.md' to guide the agent, though no explicit runtime text delimiters are used in the scripts.
      • Capability inventory: The skill can read and write local files, create directories for archiving, and modify document structure. It cannot access the network.
      • Sanitization: The skill uses the 'defusedxml' library for all XML parsing, which provides robust protection against XML External Entity (XXE) and other XML-based injection attacks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 09:41 AM