Contract Review Ai

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only contract review skill whose sensitive input handling is expected for its purpose, but users should redact contracts where possible.

Install only if you are comfortable sharing contract text with the assistant environment. Redact IDs, bank details, signatures, addresses, trade secrets, and unrelated personal data where possible, and treat the output as review support rather than a substitute for qualified legal advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly encourages users to upload contracts in PDF, DOCX, image, or pasted-text form, which commonly contain highly sensitive personal, financial, employment, and confidential business information. Without a privacy warning, data-minimization guidance, or instructions to redact sensitive fields, users may disclose confidential or regulated data to the system unintentionally.

VirusTotal

63/63 vendors flagged this skill as clean.
