tabular-review-lawvable
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes content from untrusted external documents (PDF, DOCX) which could potentially contain malicious instructions intended to mislead the LLM sub-agents during the extraction process.
- Ingestion points: Local PDF and DOCX files identified via user-provided folder paths in Step 2.
- Boundary markers: Absent; the sub-agent prompt template does not use specific delimiters or instructions to ignore embedded commands within the document text.
- Capability inventory: Reading local filesystem, launching background sub-agents (Task), and writing Excel files (xlsx skill).
- Sanitization: None; the raw text of documents is processed by the sub-agents for extraction.
- [Data Exposure] (SAFE): The skill generates Excel files containing absolute file paths in file:// hyperlinks. While this exposes local path structures, it is a core feature of the tool's document review matrix purpose and is initiated only via explicit user-provided paths.
Audit Metadata