contract-review

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted user documents (contracts, terms of service) as part of its primary workflow. This creates a surface for indirect prompt injection, where an attacker could embed malicious instructions within a document to manipulate the agent's behavior during analysis.
  • Ingestion points: Processes user-uploaded files in PDF, DOCX, and image formats as specified in references/contract/guide.md and SKILL.md.
  • Boundary markers: No explicit delimiters are used to separate untrusted document content from the agent's system instructions.
  • Capability inventory: The skill uses mcp__sequential-thinking__sequentialthinking and the korean-law MCP server. It also interacts with internal agents like quality-evaluator and format-converter. No arbitrary command execution or network exfiltration capabilities were identified.
  • Sanitization: No specific sanitization or validation of the input document content is described.
  • [EXTERNAL_DOWNLOADS]: The skill references the korean-law MCP server to fetch legal statutes and precedents. This is a legitimate resource for the skill's purpose and is handled through standard tool-calling mechanisms.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 08:11 PM
Security Audit — agent-trust-hub — contract-review