DeepRead Legal Documents

Security checks across malware telemetry and agentic risk

Overview

The skill appears to use a disclosed third-party API for its document-processing purpose, but users should treat legal-document uploads as sensitive.

Before installing or using this skill, confirm that sending documents to the third-party API is allowed for your matter or organization. Do not upload privileged, regulated, confidential, or client materials unless the vendor, retention policy, access controls, and authorization are acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

External Transmission

Medium

Category: Data Exfiltration
Content: ### cURL ```bash curl -s -X POST https://api.deepread.tech/v1/process \ -H "X-API-Key: $DEEPREAD_API_KEY" \ -F "file=@contract.pdf" \ -F 'schema={"type":"object","properties":{"document_type":{"type":"string","description":"Type of legal document"},"parties":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"role":{"type":"string"}}},"description":"All parties"},"effective_date":{"type":"string","description":"Effective date"},"governing_law":{"type":"string","description":"Governing jurisdiction"},"contract_value":{"type":"number","description":"Total value"},"key_clauses":{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"summary":{"type":"string"}}},"description":"Key clauses"}}}'
Confidence: 95% confidence
Finding: https://api.deepread.tech/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal