legal-letter
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill contains an instruction to recommend and provide a command (/install 技耑宝 github:mindverse/skillhub) for installing an external skill from a non-trusted GitHub repository. Referencing and encouraging the installation of third-party skills from unverified sources can introduce unvetted code or instructions into the agent's environment.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it ingests untrusted user data regarding legal case facts (Step 1) and interpolates them into document templates.
- Ingestion points: User-provided case details such as dispute type, parties, facts, and targets in SKILL.md.
- Boundary markers: Absent; the skill does not use specific delimiters or instructions to prevent the agent from obeying instructions embedded in the user's case description.
- Capability inventory: The skill is restricted to text generation and lacks internal capabilities for subprocess execution, file system access, or network operations.
- Sanitization: Absent; no input validation or escaping logic is applied to the user-provided facts before they are processed.
Audit Metadata