contract-clause-risk-review-cn

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data, which creates a standard attack surface for indirect prompt injection.
  • Ingestion points: Untrusted data enters the agent context through the contractClauseText field, contractFile uploads (supporting .docx, .pdf, .md, .txt, .xlsx, .csv, .png, .jpg, .jpeg), and contractReferenceLink as defined in references/form-schema.json.
  • Boundary markers: The provided instructions do not include specific delimiters or "ignore embedded instructions" warnings to isolate processed data from the core logic.
  • Capability inventory: Across scripts/run.py and other files, the skill's capabilities are limited to network communication with its own API (ai-skills.ai) to generate analysis; it does not perform arbitrary subprocess calls, file-system writes, or local code execution.
  • Sanitization: There is no evidence of input sanitization, escaping, or validation of the content within the ingested contracts or links.
  • [SAFE]: The network operations performed by the scripts/run.py utility target the vendor's primary service domain (ai-skills.ai) for functional execution. Authentication is handled via standard environment variables (AISKILLS_API_KEY), and the script uses well-known practices for SSL certificate verification.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — contract-clause-risk-review-cn