counter-proposal-generator
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its processing of untrusted contract documents.
- Ingestion points: Untrusted data enters the agent's context via the
Readtool (for local files) andWebFetch(for external URLs) as defined inSKILL.md. - Boundary markers: The instructions do not specify any delimiters or safety warnings to distinguish between the contract text and the agent's operational instructions.
- Capability inventory: The skill utilizes file reading (
Read), web fetching (WebFetch), and file writing (creatingNEGOTIATION-STRATEGY-[contract-name].md) across its workflow. - Sanitization: There is no evidence of input sanitization, validation, or escaping of the contract content before it is interpolated into the agent's prompt.
- [COMMAND_EXECUTION]: The skill performs automated file system operations. It is instructed to write a new markdown file (
NEGOTIATION-STRATEGY-[contract-name].md) to the local directory. While this is the intended output of the skill, it represents a capability that could be misused if the agent's logic is subverted by malicious input within a processed contract document.
Audit Metadata