deep-risk-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from external documents (contracts) which could contain malicious instructions designed to manipulate the agent's output or behavior. \n
- Ingestion points: Data enters the agent's context through the
Readtool (file paths),WebFetchtool (URLs), or direct text input. \n - Boundary markers: The instructions do not define delimiters or specific 'ignore embedded instructions' warnings to isolate the untrusted contract text from the system prompt. \n
- Capability inventory: The skill utilizes file reading (
Read), network operations (WebFetch), and file system writes (generatingRISK-ANALYSIS.md). \n - Sanitization: There is no mention of sanitizing or escaping the content retrieved from external files or URLs before processing. \n- [EXTERNAL_DOWNLOADS]: The skill facilitates the retrieval of documents from arbitrary external URLs using the
WebFetchtool. This is necessary for the skill's primary function of contract analysis but involves connecting to user-specified remote domains.
Audit Metadata