Security Audit
lawvable/awesome-legal-skills:skills/tabular-review-lawvable
github.com/lawvable/awesome-legal-skills
Trust Assessment
lawvable/awesome-legal-skills:skills/tabular-review-lawvable received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Prompt Injection into Sub-Agent via User Input, Excessive Filesystem Scope and Data Exfiltration Risk, Information Disclosure via Excel Hyperlinks.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 26, 2026 (commit 4d82d4cf). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Prompt Injection into Sub-Agent via User Input.** The skill constructs a prompt for sub-agents by directly embedding user-controlled inputs such as `<list of document paths>` and `<column definitions>`. A malicious user could craft these inputs to inject arbitrary instructions into the sub-agent's prompt, potentially overriding its intended behavior, leading to data exfiltration, or other unauthorized actions if the sub-agent has capabilities beyond simple text processing. Implement robust sanitization and escaping for all user-provided inputs before embedding them into sub-agent prompts. Prefer structured data passing mechanisms (e.g., API calls with parameters) over string interpolation for sensitive inputs. Ensure sub-agents operate within a strict sandbox and have minimal permissions. | LLM | SKILL.md:57 |
| HIGH | **Excessive Filesystem Scope and Data Exfiltration Risk.** The skill requests a 'Document folder path' from the user and then uses the `Glob` tool to discover all documents within that path. These discovered paths are then passed to sub-agents for processing. Combined with the prompt injection vulnerability, a malicious user could provide a broad path (e.g., `/` or `/home/user`) and then inject instructions into the sub-agent to read and exfiltrate the content of arbitrary files within the accessible filesystem, not just the intended documents or specific columns. The `pdf` and `docx` skills inherently require file read access, making this a high-risk vector. Implement strict path validation to restrict the 'Document folder path' to a designated, sandboxed directory. Ensure the `Glob` tool and subsequent file reading operations by sub-agents are confined to this allowed directory. Sub-agents should be sandboxed to prevent access to unauthorized file paths or system resources. | Static | SKILL.md:29 |
| MEDIUM | **Information Disclosure via Excel Hyperlinks.** The generated Excel output includes hyperlinks in the format `file://<document_path>#page=<N>`. If the `document_path` contains sensitive information (e.g., a path to a user's home directory, system files, or network shares), and the Excel file is shared, it could inadvertently disclose local file paths to others. While not direct exfiltration by the agent, it represents a potential information disclosure risk to anyone opening the Excel file. Consider if full absolute paths are strictly necessary for the hyperlinks. Explore options for using relative paths, abstract identifiers, or providing a warning to the user about sharing Excel files that contain local file paths. Ensure that the `document_path` used in the hyperlink is sanitized to prevent path traversal or other malicious constructs. | Static | SKILL.md:100 |