contractor-agreement-review
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill analyzes untrusted documents provided by users, which creates a surface for indirect prompt injection where a document could contain instructions intended to mislead the agent's analysis.
  - Ingestion points: User-provided contractor agreements analyzed in CHECK and ADVISE modes (SKILL.md).
  - Boundary markers: Absent. The instructions do not specify delimiters to isolate untrusted text from the logic.
  - Capability inventory: None. The skill only performs text-based analysis and returns formatted markdown reports. No subprocess calls, network requests, or file writes are present in any script or instruction.
  - Sanitization: None detected. The skill performs direct analysis of input content against local reference files.