contract-redliner
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted text from documents that could contain malicious instructions designed to manipulate agent behavior.
- Ingestion points: Untrusted contract data is loaded into the context using the Read tool from user-provided file paths or URLs, as specified in Step 1 of SKILL.md.
- Boundary markers: Absent. There are no instructions for using delimiters (e.g., XML tags) or providing explicit warnings to the agent to disregard instructions found within the contract content.
- Capability inventory: The skill frontmatter authorizes the use of powerful tools including Bash, Write, Glob, and Grep, which could be exploited if an injection attack is successful.
- Sanitization: Absent. The instructions do not define any procedures for validating or sanitizing the ingested text before it is analyzed by the model.
Audit Metadata