legal-document-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from external files (PDF, DOCX, TXT) via the LegalDocumentParser. This content is processed and interpolated into reports in LegalReportGenerator without sanitization or boundary markers, creating a surface for adversarial content to influence the agent's reasoning or report formatting.
- External Downloads (LOW): The skill depends on external libraries pypdf and python-docx for its core functionality. While these are standard packages, they represent third-party dependencies used to process potentially malicious untrusted inputs.
Audit Metadata