Skills
skills/sisodiabhumca/agent-skills/data-contract-validator/Gen Agent Trust Hub

data-contract-validator

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The validate_contract.py script reads and writes files based on command-line arguments. While intended for validation, this capability should be monitored to ensure the agent does not access sensitive system files or credentials.
  • [PROMPT_INJECTION]: The skill processes untrusted JSON data from external sources, which presents an attack surface for indirect prompt injection.
  • Ingestion points: Data records are read from the file path specified in the --data argument of validate_contract.py.
  • Boundary markers: Absent; the tool does not isolate external data with boundary markers in its output reports.
  • Capability inventory: The script can read any accessible file and write validation reports to the local disk.
  • Sanitization: No sanitization is performed on the ingested data or the resulting output.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 04:08 PM
Security Audit — agent-trust-hub — data-contract-validator