legal-pages
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves a legitimate purpose of automating the creation of mandatory legal notices. It uses local templates and does not exfiltrate data or download untrusted code.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes user-supplied data (company details) to generate React components and translation files. This is inherent to its function as a template generator.
- Ingestion points: User input for company name, address, and contact details as defined in
SKILL.md. - Boundary markers: None; the agent is expected to insert raw user strings into templates.
- Capability inventory: The skill writes new files to the
app/directory and updatesmessages/*.jsonfiles. - Sanitization: No explicit instructions for sanitizing or escaping user input are provided, relying on the agent's default behavior.
Audit Metadata