legal-risk-assessment-anthropic
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill metadata identifies the author as "Anthropic", which contradicts the provided authorship context indicating the author is "lawve-ai". This misleading attribution is a form of metadata poisoning that may lead users to assign undue trust to the skill's recommendations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted user data into a structured risk assessment framework without using boundary markers.
- Ingestion points: Matter descriptions, background context, and risk analysis sections in SKILL.md.
- Boundary markers: Absent; there are no delimiters or instructions provided to the agent to treat user-provided data as potentially untrusted.
- Capability inventory: The skill does not define any external tools, file system access, or network capabilities.
- Sanitization: No input validation or sanitization logic is implemented.
- [NO_CODE]: The skill consists entirely of markdown documentation and legal frameworks without any executable scripts or tool configurations.
Audit Metadata