patent-lawyer-agent
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- DATA_EXFILTRATION (HIGH): The script scripts/markdown_to_pdf.py contains a Local File Inclusion (LFI) vulnerability. The embed_images_as_base64 function uses a regular expression to find image paths in markdown and opens those paths directly with open(full_path, 'rb'), without restricting them to an allowed directory.
  - Evidence: If a user or an injected prompt supplies a markdown image reference whose path points at an arbitrary local file, the script reads that file and embeds its contents as a base64 string directly in the output PDF.
  - Context: This lets an attacker exfiltrate any file the system user can read simply by requesting a PDF conversion.
- PROMPT_INJECTION (HIGH): All agents (claims-strategist, ip-strategy-advisor, patentability-analyst, prior-art-searcher) ingest external data (invention descriptions) without any boundary markers or sanitization logic.
  - Ingestion Points: User-provided technical descriptions and patent data processed by the agents.
  - Capability Inventory: Access to the markdown_to_pdf.py script, which has file-read capabilities.
  - Boundary Markers: Absent. No delimiters (e.g., XML tags or triple quotes) are used to isolate untrusted user input from system instructions.
  - Sanitization: Absent. There is no filtering of markdown syntax that could trigger the file-read vulnerability described above.
- EXTERNAL_DOWNLOADS (LOW): The script scripts/markdown_to_pdf.py relies on the external libraries markdown and weasyprint. While these are common packages, using them in a script that processes untrusted HTML/Markdown increases the attack surface (e.g., via SSRF in WeasyPrint if remote resources are enabled).
Recommendations
- AI detected serious security threats
Audit Metadata