Contract Analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- NO_CODE (SAFE): The provided skill does not contain any executable scripts, configuration files, or external dependencies. It functions purely as a high-level markdown workflow description.
- PROMPT_INJECTION (LOW): The skill is designed to ingest and process untrusted external data in the form of legal contracts, creating a surface for Indirect Prompt Injection.
- Ingestion points: Workflow 1 (Document Intake) in SKILL.md specifies loading contracts for analysis.
- Boundary markers: None specified in the workflow description to delimit untrusted content from instructions.
- Capability inventory: No active capabilities (file write, network access, or shell execution) are defined in the provided skill files.
- Sanitization: No sanitization or validation logic is defined to mitigate instructions embedded within analyzed documents.
Audit Metadata