legal-briefing
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions define a workflow that involves ingesting untrusted data from multiple external sources, creating an attack surface for indirect prompt injection.
- Ingestion points: Phase 3 ("Assemble Context from Available Sources") in SKILL.md explicitly directs the agent to pull data from Email Systems, Messaging Platforms (Slack, Teams), and Document Repositories.
- Boundary markers: The instructions are absent of explicit delimiters or directives to treat data from these external systems as untrusted or to ignore embedded instructions.
- Capability inventory: The skill focuses on data aggregation and document generation; no direct command execution or script execution capabilities are included in the provided file.
- Sanitization: No evidence of sanitization or validation of the ingested external content is present in the instructions.
- [NO_CODE]: The provided skill contains only markdown-based instructions and structure templates; it does not include any executable scripts, binaries, or external code dependencies.
Audit Metadata