nda-review

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Full Analysis
  • General Security (SAFE): The skill consists entirely of natural language guidance for the agent. There are no shell commands, external dependencies, or hardcoded secrets.
  • Indirect Prompt Injection (INFO): The skill's primary function is to process untrusted data (NDA documents). While this is an attack surface for indirect prompt injection, the skill lacks any capabilities to act on malicious instructions (no network, no file-write, no subprocess calls). The risk is limited to the agent producing a misleading report, which does not constitute a security breach of the host system.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 07:20 AM