box-legal-workflows-contract
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill follows best practices for legal workflows by requiring human confirmation for high-risk operations.
- [PROMPT_INJECTION]: The skill processes external documents (contracts), which creates a standard indirect prompt injection attack surface. This risk is mitigated by explicit human-in-the-loop requirements and mandatory verification steps for risk assessments and access control changes defined in the guardrails.
- [EXTERNAL_DOWNLOADS]: The skill documentation references a prerequisite installation command (npx skills add https://github.com/box/box-for-ai). This URL originates from the verified author organization ('box') and is used for environment setup rather than autonomous runtime code execution by the agent.
Audit Metadata