Ukhradviser
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it is designed to ingest and process untrusted user context regarding workplace disputes and employment contracts to generate legal guidance.
- Ingestion points: User-provided descriptions of HR issues, employment details, and contract terms are processed in SKILL.md.
- Boundary markers: The skill does not implement explicit delimiters or instructions to treat user-provided text as untrusted data.
- Capability inventory: The agent has the capability to perform web searches for current legislation and read local skill documentation files (CLAUDE.md) based on the ingested context, as specified in SKILL.md.
- Sanitization: There are no defined procedures for the sanitization or validation of user input within the skill's instructions.
Audit Metadata