patent-review
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads local patent files, including claims and invention disclosures, and transmits this content to an external AI model via the `mcp__codex__codex` tool. While intended for the review process, this results in the transfer of potentially sensitive intellectual property to a remote service.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of a third-party MCP server (`codex mcp-server`) to function. This introduces an external code dependency that is not part of the skill's own code base.
- [COMMAND_EXECUTION]: The skill uses file system tools such as `Read`, `Write`, `Edit`, and `Bash` to aggregate patent data and generate review reports, allowing the agent to interact with and modify files in the local directory.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests content from local files and interpolates it directly into prompts sent to the reviewer model.
  - Ingestion points: local files in the `patent/` directory, including `CLAIMS.md`, `specification/`, and `INVENTION_DISCLOSURE.md`.
  - Boundary markers: the prompt uses structural headers such as `CLAIMS:` and `SPECIFICATION SUMMARY:` but lacks explicit delimiters or instructions telling the model to ignore any instructions embedded in the ingested text.
  - Capability inventory: access to `mcp__codex__codex` for remote processing and `Write`/`Edit` for local file modifications.
  - Sanitization: content is interpolated into the prompt without escaping or validation.
Audit Metadata