The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It is designed to ingest and interpret external documents (PDF, docx) and EDO (Electronic Document Management) content which may contain adversarial instructions intended to bypass the skill's logic or safety guidelines.
Ingestion points: Step 1 in SKILL.md identifies file paths and EDO IDs (Diadok/SBIS) as input sources for contract reading.
Boundary markers: The instructions lack explicit boundary markers or directives for the agent to ignore instructions embedded within the document content itself.
Capability inventory: The skill has access to Bash, Read, and WebFetch tools, providing a technical path for file creation and network interaction.
Sanitization: No specific sanitization or validation of the document content is described before it is analyzed or used to generate proposed edits.
[COMMAND_EXECUTION]: The skill utilizes the Bash tool to facilitate the creation and export of marked-up docx and PDF files. While used for the intended purpose of generating reports, arbitrary command execution remains a potential risk if the agent is manipulated via the ingested data.
[DATA_EXPOSURE]: The skill processes highly sensitive data, including contract terms, banking requisites, and tax IDs (INN/OGRN). It also attempts to access EDO systems to retrieve documents awaiting signature. Although the prompt includes 'Approval gates' explicitly forbidding the agent from signing or modifying documents in EDO, the inherent access to these systems constitutes a high-privilege operation.

review-contract