box-legal-workflows-intake
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing a prerequisite component from the vendor's official GitHub repository (github.com/box/box-for-ai), which is a trusted source associated with the skill's author.- [PROMPT_INJECTION]: There is an indirect prompt injection surface because the skill analyzes untrusted, user-uploaded legal documents using AI tools. An attacker could potentially embed malicious instructions within these documents to influence risk assessments or routing decisions.
- Ingestion points: Intake documents processed via ai_qa_multi_file and ai_extract_structured_from_fields_enhanced (SKILL.md).
- Boundary markers: Absent; the prompt does not explicitly instruct the AI to ignore instructions within the analyzed documents.
- Capability inventory: create_collaboration, add_folder_shared_link, upload_file, and set_file_metadata.
- Sanitization: Absent; however, the risk is significantly mitigated by mandatory guardrails requiring human confirmation before approvals, routing, or external document sharing.
Audit Metadata