contract-helper

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or high-risk behaviors were detected. The skill performs standard text-based processing to generate and review influencer contracts.
  • [PROMPT_INJECTION]: The skill processes untrusted data such as user-provided campaign briefs and pasted contract terms, which presents a surface for indirect prompt injection.
  • Ingestion points: Untrusted data enters the agent context via campaign briefs, compensation figures, platform lists, and pasted incoming agreements for review in the drafting and review workflows.
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when interpolating untrusted data into prompts.
  • Capability inventory: The skill has the ability to read and write files within the memory/ directory structure to maintain state and save contract drafts.
  • Sanitization: There is no evidence of sanitization, escaping, or validation of the external content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 10:02 AM
Security Audit — agent-trust-hub — contract-helper