legal-qa-extractor

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted user-provided legal records which could contain malicious instructions. Evidence:
      1. Ingestion points: Processes document files and pasted text as described in SKILL.md.
      2. Boundary markers: Absent; no specific delimiters are used to separate content from instructions in the workflow.
      3. Capability inventory: Writes output to markdown files in the local directory per instructions in SKILL.md and output-template.md.
      4. Sanitization: Absent; while PII de-identification is mandated, there is no instruction to sanitize potential injection payloads in the source text.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded secrets or network exfiltration patterns found. The skill includes explicit instructions for de-identification of client names and corporate entities to protect privacy.
  • [Remote Code Execution] (SAFE): No executable code, scripts, or package dependencies are present in the skill files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 12:31 PM