contract-review
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests and analyzes untrusted external data (contracts and legal documents) provided by users, which serves as a potential vector for malicious instructions.
  - Ingestion points: User-supplied contract text and legal document drafts provided during the workflow.
  - Boundary markers: Absent; the prompt structure does not utilize specific delimiters to clearly separate untrusted user input from the skill's operational logic.
  - Capability inventory: The skill uses sequential thinking and legal database tools for analysis, but does not exhibit dangerous capabilities like arbitrary shell execution or unauthorized network access.
  - Sanitization: No evidence of input validation or content filtering was found in the skill's instructions or reference guides.
Audit Metadata