contract-and-proposal-writer
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions and associated scripts do not contain any malicious patterns, such as data exfiltration, credential harvesting, or obfuscation. The scripts are well-documented and perform standard data processing and analysis locally using the Python standard library.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes user-provided text to fill templates and analyzes JSON files. However, this is inherent to the skill's purpose as a document generator and does not include risky capabilities that could be exploited.
  - Ingestion points: User-supplied values for placeholders in `SKILL.md` and contract data in JSON files processed by the utility scripts.
  - Boundary markers: The skill uses `[BRACKETED]` markers to delimit where user input should be inserted into templates.
  - Capability inventory: The skill uses Python scripts for local analysis and documentation for `pandoc` shell commands for file conversion.
  - Sanitization: There is no explicit sanitization of text provided for the placeholders, which is typical for a text generation template system.
Audit Metadata