Skills
skills/zubair-trabzada/ai-legal-claude/missing-protections-finder/Gen Agent Trust Hub

missing-protections-finder

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data from files and URLs, which is a known vector for indirect prompt injection attacks.
  • Ingestion points: The skill ingests data via user-provided file paths (processed by the Read tool), URLs (processed by the WebFetch tool), or direct text input (SKILL.md, Step 1).
  • Boundary markers: The skill does not include instructions for the agent to use delimiters or ignore embedded instructions within the contract text, which could lead the agent to follow malicious commands hidden in a document.
  • Capability inventory: The agent has the ability to read local files, fetch content from the internet, and write analysis reports back to the local filesystem (SKILL.md, Step 5).
  • Sanitization: There is no explicit instruction to sanitize or validate the ingested content before processing.
  • [NO_CODE]: The skill does not include any executable code or external dependencies, consisting solely of markdown instructions and tool definitions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 08:48 PM