Contract Analyzer
Warn
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
- PROMPT_INJECTION (MEDIUM): Vulnerable to Indirect Prompt Injection (Category 8).
  * Ingestion points: Processes untrusted contract text (SKILL.md).
  * Boundary markers: None. The prompt does not specify delimiters or instructions to ignore commands within the contract text.
  * Capability inventory: Significant internal influence over agent/user decision-making via 'Negotiation Points' and 'Risk Flags'.
  * Sanitization: None.
- EXTERNAL_DOWNLOADS (MEDIUM): Promotion of unverifiable external tools (Category 4/7).
  * Evidence: The skill body contains a command to `clawhub install afrexai-proposal-gen`.
  * Context: Neither the 'clawhub' registry nor the '1kalin'/'afrexai-cto' entities are in the trusted source whitelist. This encourages the download and execution of untrusted third-party code.
  * Metadata: Includes a link to a paid 'context pack' on an untrusted GitHub Pages site.
Audit Metadata