The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes a local Python script, contract_reviewer.py, to manage document processing and API communication.
[DATA_EXFILTRATION]: Documents are sent to the vendor's domain https://somark.tech for parsing. This is the primary function of the skill and uses the author's infrastructure.
[PROMPT_INJECTION]: The skill processes untrusted external legal documents, which serves as an attack surface for indirect prompt injection. 1. Ingestion points: Files are ingested via the -f flag in the contract_reviewer.py script. 2. Boundary markers: The SKILL.md file explicitly instructs the agent to treat all parsed contract content as data and avoid executing any instructions found within it. 3. Capability inventory: The skill has the capability to read local files, write parsed outputs to disk, and communicate with the vendor's API. 4. Sanitization: The skill relies on natural language boundary instructions for the agent rather than programmatic content sanitization.

contract-reviewer