contract-clause-risk-review-cn
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data, which creates a standard attack surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context through the
contractClauseTextfield,contractFileuploads (supporting .docx, .pdf, .md, .txt, .xlsx, .csv, .png, .jpg, .jpeg), andcontractReferenceLinkas defined inreferences/form-schema.json. - Boundary markers: The provided instructions do not include specific delimiters or "ignore embedded instructions" warnings to isolate processed data from the core logic.
- Capability inventory: Across
scripts/run.pyand other files, the skill's capabilities are limited to network communication with its own API (ai-skills.ai) to generate analysis; it does not perform arbitrary subprocess calls, file-system writes, or local code execution. - Sanitization: There is no evidence of input sanitization, escaping, or validation of the content within the ingested contracts or links.
- [SAFE]: The network operations performed by the
scripts/run.pyutility target the vendor's primary service domain (ai-skills.ai) for functional execution. Authentication is handled via standard environment variables (AISKILLS_API_KEY), and the script uses well-known practices for SSL certificate verification.
Audit Metadata