contract-review
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: This skill is strictly composed of markdown instructions and metadata, containing no executable scripts or binary files.
- [EXTERNAL_DOWNLOADS]: The skill configuration references external MCP tools and knowledge files which are required for its intended functionality and do not constitute a security risk.
- [DATA_EXFILTRATION]: No hardcoded secrets or network exfiltration patterns were detected during the analysis.
- [PROMPT_INJECTION]: The skill's prompts are designed for document analysis and do not contain instructions aimed at overriding safety protocols or agent behavior.
- [SAFE]: Indirect Prompt Injection Analysis: (1) Ingestion: User-uploaded contracts (pdf, docx, txt) via SKILL.md. (2) Boundary markers: Absent. (3) Capability inventory: MCP tools for text and structure analysis. (4) Sanitization: Absent. The skill's primary function is document analysis, making this surface necessary and acceptable.
Audit Metadata