tabular-review-lawvable
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted documents and uses their content to drive subagent tasks without adequate protection.
- Ingestion points: Local PDF and Word documents discovered via the
Globtool in a user-provided directory, as specified inSKILL.md(Step 2). - Boundary markers: The subagent prompt template in
SKILL.md(Step 3) lacks explicit delimiters (like XML tags or clear separators) and does not include instructions to the agent to ignore or disregard any commands or instructions found within the processed text. - Capability inventory: The skill possesses the ability to read local files (via
pdfanddocxskills) and write results to the local file system (viaxlsxskill), providing a surface where a malicious document could influence the generated output or data citations. - Sanitization: There is no evidence of sanitization, escaping, or validation of the text extracted from the source documents before it is interpolated into the prompt for processing.
Audit Metadata