contract-helper
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or high-risk behaviors were detected. The skill performs standard text-based processing to generate and review influencer contracts.
- [PROMPT_INJECTION]: The skill processes untrusted data such as user-provided campaign briefs and pasted contract terms, which presents a surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context via campaign briefs, compensation figures, platform lists, and pasted incoming agreements for review in the drafting and review workflows.
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when interpolating untrusted data into prompts.
- Capability inventory: The skill has the ability to read and write files within the
memory/directory structure to maintain state and save contract drafts. - Sanitization: There is no evidence of sanitization, escaping, or validation of the external content before it is processed by the agent.
Audit Metadata