contract-review
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted contract text.\n
- Ingestion points: The skill processes user-provided contract text or excerpts as specified in the workflow and examples in
SKILL.md.\n - Boundary markers: There are no explicit delimiters or protective instructions provided to isolate the contract data from the skill's logic.\n
- Capability inventory: The skill contains no executable code and has no access to subprocesses, network resources, or the file system.\n
- Sanitization: The skill does not implement any validation or sanitization for the input data.\n- [NO_CODE]: The skill consists solely of markdown documentation and instructional prompt templates, with no functional code or scripts provided.
Audit Metadata