esign-automation
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  - Ingestion points: The skill ingests external data from local files provided via the `filePath` argument and signer information from `signersJson` in `SKILL.md` and `scripts/send_envelope.ts`.
  - Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore embedded instructions within the document content or metadata.
  - Capability inventory: The skill has the capability to read local files, perform network operations (uploading documents to eSignGlobal APIs), and execute commands via `npx tsx`.
  - Sanitization: While the script validates the format of signer JSON and file existence, it does not sanitize the content of the documents being sent, which could contain malicious instructions for downstream viewers or the agent itself if it processes the document content.
Audit Metadata