fukugyo-contract
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external, untrusted contract files (txt, md, pdf) which creates a surface for indirect prompt injection. Malicious instructions embedded in a contract could attempt to manipulate the extraction logic or the subsequent update to config.json.
- Ingestion points: The command
python3 scripts/contract.py read <file>reads external text files (SKILL.md). - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are mentioned.
- Capability inventory: Subprocess execution of
scripts/contract.py, filesystem writes to.fukugyo/contracts/, and modification ofconfig.json(SKILL.md). - Sanitization: No sanitization or validation of the input text is described before LLM processing.
- [COMMAND_EXECUTION]: The skill requires the execution of a local Python script (
scripts/contract.py) to parse documents and manage data. Users should verify the script content as it is not provided in the skill definition. - [DATA_EXFILTRATION]: The skill is designed to access and structure sensitive business information from contracts, such as compensation rates and payment terms. This data is stored locally in a hidden directory (
.fukugyo/contracts/).
Audit Metadata