nda-triage

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates entirely through natural language instructions provided to the AI agent. It contains no shell commands, script files, or requests for tool execution that could affect the security of the environment.
  • [SAFE]: Evaluation of potential Indirect Prompt Injection surface (Category 8):
      • Ingestion points: The skill ingests user-supplied text (NDA content) for analysis.
      • Boundary markers: The instructions do not specify strict delimiters for the input text, though they provide clear context for its use.
      • Capability inventory: No capabilities for file system access, network communication, or subprocess execution are defined or requested.
      • Sanitization: No input sanitization is present, which is acceptable given the lack of dangerous tools or actionable capabilities available for exploitation.
  • [SAFE]: No obfuscation, hardcoded credentials, or persistence mechanisms were detected. The references to future dates for legal updates (September 2026) are relevant to the specific legal context of South Korean privacy laws and do not trigger any conditional malicious logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 11:42 PM