nda-generator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it interpolates user-provided data into legal document templates for generation. * Ingestion points: User-provided context, party names, and confidentiality details processed via SKILL.md. * Boundary markers: Absent; no specific instructions are provided to the model to ignore or escape embedded commands in user data. * Capability inventory: Utilizes create_docx, fill_docx_template, and docx_to_pdf tools in SKILL.md for document manipulation. * Sanitization: No explicit content filtering or validation of user-provided strings is mentioned.
- [NO_CODE]: This skill consists of markdown instructions and metadata without any included scripts or executable code files.
- [SAFE]: No other security concerns such as credential exposure, unauthorized network requests, or obfuscation were identified in the files.
Audit Metadata