contract-review-anthropic
Warn
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's metadata identifies the author as 'Anthropic', which contradicts the provided author context of 'lawvable'. This discrepancy is a form of metadata poisoning that misrepresents the skill's origin and could lead users to misjudge its reliability and safety profile.\n- [PROMPT_INJECTION]: The skill processes untrusted external content (contract text), creating a surface for indirect prompt injection. Malicious instructions could be embedded in the analyzed documents to influence the agent's behavior.\n
- Ingestion points: The agent is instructed to 'Read the entire contract' provided for review (SKILL.md).\n
- Boundary markers: Absent. There are no instructions to the agent to treat the contract text as untrusted data or to ignore embedded instructions.\n
- Capability inventory: The skill reads local settings for a 'configured playbook' (SKILL.md).\n
- Sanitization: Absent. No mention of filtering or sanitizing input text is present.
Audit Metadata