agreement-generator
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for text and document generation based on user-provided parameters. It limits its operation to a safe subset of tools (Read, Write, Glob, Grep) and does not request shell access or network capabilities.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted user data during its information-gathering wizard to populate agreement templates.
- Ingestion points: User-provided names, addresses, and business terms collected during the 'information-gathering wizard' (SKILL.md).
- Boundary markers: Absent; the instructions do not specify delimiters or warnings for the agent to ignore embedded instructions within user inputs.
- Capability inventory: The skill uses 'Write', 'Read', 'Glob', and 'Grep' tools to manage the generated agreement files.
- Sanitization: Absent; no explicit validation or escaping of user input is described.
- Note: While the surface exists, the lack of dangerous capabilities (like shell execution) and the descriptive nature of the task render this risk minimal.
Audit Metadata