contract-guard

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user-provided contract data without explicit security boundaries.
  • Ingestion points: The agent ingests contract text, screenshots, or descriptions provided by the user in 'Step 1'.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are defined for the untrusted contract input.
  • Capability inventory: The skill triggers search operations for laws and common traps based on findings within the contract text in 'Step 2'.
  • Sanitization: There is no mention of input validation, filtering, or sanitization of the contract content before it is processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 02:56 PM
Security Audit — agent-trust-hub — contract-guard