contract-review
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local system utilities pandoc and mmdc (Mermaid CLI) via subprocess.run to perform document conversion and diagram rendering. These operations use list-based arguments and do not involve a shell, which mitigates injection risks.\n- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests and processes untrusted content from contract documents.\n
- Ingestion points: Text is extracted from user-supplied .docx files in scripts/contract_analyzer.py and handled throughout the review workflow in scripts/workflow.py.\n
- Boundary markers: The extracted text is processed without explicit delimiters or 'ignore' instructions that would prevent the LLM from misinterpreting instructions embedded within the contract.\n
- Capability inventory: The skill can execute subprocesses (pandoc, mmdc) and perform file system operations like creating and deleting files in the output directory.\n
- Sanitization: The skill uses defusedxml for all XML parsing, effectively protecting against XML External Entity (XXE) vulnerabilities.
Audit Metadata