skill-name
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns were detected. The analyzed files provide a structural template for a skill designed to analyze legal documents using MCP tools.
- [EXTERNAL_DOWNLOADS]: The skill contains commented-out examples of external data sources (Alpha Vantage and Yahoo Finance) and links to official GitHub discussions. These are informational and do not involve remote code execution.
- [INDIRECT_PROMPT_INJECTION]: The skill defines an input surface for processing external document formats (PDF, DOCX) via text-extraction tools, which is a common vector for indirect prompt injection. However, as this is a template for document analysis, the presence of the capability is expected and safe. 1. Ingestion points: Document files defined in the input section of SKILL.md. 2. Boundary markers: None present in the template. 3. Capability inventory: Uses MCP tools such as extract_text_from_pdf and extract_text_from_docx. 4. Sanitization: No sanitization is specified in the skeleton code.
Audit Metadata