legal-risk

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates as a structured template for corporate legal analysis and does not contain any malicious instructions or hidden payloads. It includes clear disclaimers stating that its output does not replace professional legal advice.
  • [DATA_EXPOSURE]: The skill instructs the agent to search for legal information on well-known, official South Korean government and judicial domains, including law.go.kr (National Law Information Center), pipc.go.kr (Personal Information Protection Commission), and kipris.or.kr (Patent Information Search Service). These are trusted public information sources and do not involve sensitive data exfiltration.
  • [COMMAND_EXECUTION]: The reference files (references/ip-portfolio.md and references/legal-research.md) describe a multi-agent workflow that involves creating and saving markdown files into a local _workspace/ directory. This is standard behavior for document organization and does not involve arbitrary command execution or privilege escalation.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted user data (legal facts, contract details, and IP assets) to generate reports. The ingestion points are located in the primary workflow and reference files. While explicit boundary markers and sanitization instructions are absent, the skill's capabilities are limited to markdown report generation in a local workspace, presenting a low risk profile.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 08:11 PM
Security Audit — agent-trust-hub — legal-risk