contract-template
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation references the installation of the `@accordproject/cicero-cli` package. This is a well-known open-source tool provided by the Accord Project organization.
- [COMMAND_EXECUTION]: Provides example shell commands for the `cicero` CLI tool, such as `parse`, `trigger`, and `draft`. These are illustrative examples intended for the user to execute in their own development environment.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it generates templates based on user-provided contract descriptions (Ingestion points: User prompts for contract terms; Boundary markers: Absent; Capability inventory: create_docx, fill_docx_template; Sanitization: Absent). This is a low-risk finding inherent to the skill's purpose of template generation.
Audit Metadata