Skills
skills/claude-office-skills/skills/contract-review/Gen Agent Trust Hub

contract-review

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing untrusted documents.
  • Ingestion points: The skill accepts PDF, DOCX, and TXT files as input for contract analysis in SKILL.md.
  • Boundary markers: There are no explicit delimiters or specific warnings defined to isolate the document content from the AI's instruction set.
  • Capability inventory: The skill uses MCP tools including extract_text_from_pdf, extract_text_from_docx, and analyze_document_structure to ingest content.
  • Sanitization: No evidence of sanitization, filtering, or validation of the processed document content is present in the instructions.
  • [EXTERNAL_DOWNLOADS]: The skill references external resources hosted on GitHub.
  • Evidence: The README.md and SKILL.md files contain links to repositories and raw files within the claude-office-skills GitHub organization. These are recognized as legitimate vendor resources from the skill's author.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 08:20 AM