contract-guard
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user-provided contract data without explicit security boundaries.
- Ingestion points: The agent ingests contract text, screenshots, or descriptions provided by the user in 'Step 1'.
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are defined for the untrusted contract input.
- Capability inventory: The skill triggers search operations for laws and common traps based on findings within the contract text in 'Step 2'.
- Sanitization: There is no mention of input validation, filtering, or sanitization of the contract content before it is processed.