red-flag-contract-scanner
Warn
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes Python scripts at runtime to produce Word-formatted reports. As described in assets/docx_template_example.md, the agent is instructed to use the python-docx library to assemble a script that includes metadata and specific clause text extracted from user-supplied documents. This dynamic assembly and execution of code based on external inputs is a medium-risk pattern.
- [PROMPT_INJECTION]: The skill is designed to ingest and interpret large amounts of untrusted external text (legal contracts, terms of service, and privacy policies). This establishes a significant surface for indirect prompt injection.
  - Ingestion points: Untrusted contract text is ingested when a user pastes or uploads a document for analysis (e.g., in Step 1 of the workflow in SKILL.md).
  - Boundary markers: The instructions do not define strict delimiters or 'ignore embedded instructions' warnings to separate the contract data from the agent's internal analysis logic.
  - Capability inventory: The agent has the capability to execute generated Python code (via the Word report generation process) and compose draft emails (via the message_compose_v1 tool mentioned in SKILL.md).
  - Sanitization: There is no evidence of validation or sanitization of the contract text before it is used for report generation or decision-making.
Audit Metadata