litigation-analysis

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE NO_CODE
Full Analysis
  • Prompt Injection (SAFE): No malicious instructions designed to override agent behavior or bypass safety filters were found in the skill body or metadata.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network communication patterns were detected. The skill processes user-provided legal documents locally within the agent context.
  • Obfuscation (SAFE): All markdown files are in clear text. There is no evidence of Base64 encoding, zero-width characters, or homoglyph-based evasion.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): This is a documentation-only skill. It does not include any Python or Node.js packages, nor does it attempt to download or execute remote scripts via curl or wget.
  • Privilege Escalation (SAFE): No commands attempting to gain administrative privileges or modify system permissions (e.g., sudo, chmod) are present.
  • Persistence Mechanisms (SAFE): The skill does not attempt to modify system configuration files or create scheduled tasks for persistence.
  • Metadata Poisoning (SAFE): The metadata accurately reflects the tool's purpose. No hidden instructions were found in fields like name, description, or author.
  • Indirect Prompt Injection (LOW):
      • Ingestion points: The skill is designed to ingest and analyze external text from legal documents, including judgments and transcripts, via the @ file path reference or copy-paste.
      • Boundary markers: The templates (e.g., template-internal.md) lack explicit delimiters or instructions to treat user-provided text as untrusted data, which is a standard surface for indirect prompt injection.
      • Capability inventory: The skill uses high-level tool calls like /deepresearch, which could be influenced by malicious instructions embedded in a fake legal document.
      • Sanitization: There is no evidence of input sanitization or filtering logic within the markdown instructions.
  • Time-Delayed / Conditional Attacks (SAFE): No time-gated or environment-triggered logic was identified.
  • Dynamic Execution (SAFE): The skill does not generate code or use dynamic execution functions (e.g., eval or exec).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 20, 2026, 12:30 PM