lab-interpreter
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests and processes untrusted data from medical reports.
  - Ingestion points: Lab reports and clinical diagnostic sheets uploaded as images, PDFs, or text (Step 1).
  - Boundary markers: The instructions do not define clear delimiters or "ignore instructions" warnings to separate extracted report data from the agent's internal logic.
  - Capability inventory: The skill has the ability to read and write files in the `/mnt/user-data/outputs/` directory and to use the `ask_user_input_v0` tool.
  - Sanitization: There is no explicit requirement to sanitize or validate the content extracted from the documents before the agent interprets it.
- [DATA_EXFILTRATION]: The skill handles sensitive Personally Identifiable Information (PII) and Protected Health Information (PHI).
  - Exposure: It stores patient demographics and clinical history in plaintext markdown files (`/mnt/user-data/outputs/health-record-[name].md`).
  - Mitigation: While this involves sensitive data, the skill is designed to ask for explicit user consent before creating or updating these records, mitigating the risk of unintended data collection.
Audit Metadata