startup-due-diligence
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): All analyzed components, including checklists, guidance documents, and Python scripts, are benign and focused on the stated purpose of legal due diligence.
- [COMMAND_EXECUTION] (SAFE): The skill utilizes Python scripts (
populate_template.py,validate_data.py) which operate locally on data provided by the user without any subprocess execution or shell commands. - [Indirect Prompt Injection] (SAFE): While the skill analyzes untrusted external legal documents, the risk of instruction injection is mitigated by the use of deterministic scripts for report generation.
- Ingestion points: Document review stage described in
SKILL.md. - Boundary markers: Absent.
- Capability inventory: File writing via
python-docxinscripts/populate_template.py; no network or shell access. - Sanitization: Data validation against a schema and regex patterns is performed in
scripts/validate_data.py.
Audit Metadata