Legal Manager Skill

Fail

Audited by Snyk on Jun 1, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill mandates automatic, non-consensual processing of sensitive contract/case data (including treating scans as originals) and requires every ingestion to be pushed to an external webhook via scripts, which strongly indicates deliberate data-exfiltration/backdoor behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.78). In its "contract archiving flow", the skill runs FAR parsing and OCR/seal-signature detection scripts (far_gen.py, seal_signature_detector.py) on contract files (PDF/Word/images) sent by the user. This reads the free text and clause content inside those files (text authored by the contract parties or other third parties) into the LLM context, which is an indirect prompt injection risk path of the "external document body (not authored by the operating user)" kind.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (3)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W021
MEDIUM

Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 1, 2026, 02:33 AM
Issues
3