document-review
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze external text such as contracts and terms of service, which serves as an entry point for indirect prompt injection attacks. If a processed document contains hidden instructions intended to manipulate the AI's output, the agent may follow them due to a lack of protective boundaries.
  - Ingestion points: The skill explicitly requests external documents or pasted text from the user in the 'Input Required' section.
  - Boundary markers: There are no delimiters or instructions provided to the agent to treat the input document strictly as data and ignore any embedded commands.
  - Capability inventory: The skill has very limited capabilities; it is a text-based prompt and the 'disable-model-invocation: true' setting further restricts its environment. It lacks network access, file-writing permissions, or command execution abilities.
  - Sanitization: The prompt does not include any logic to sanitize, escape, or validate the content of the documents being analyzed to prevent malicious instructions from influencing the review process.