insurance-agent-application-check
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implementation follows security best practices by including a 'Privacy Protection' clause that mandates data desensitization for sensitive customer information (IDs, health data).
- [SAFE]: Dependencies listed in
requirements.txt(agentscope, dashscope) are standard for the Aliyun ecosystem and aligned with the author's identity. - [SAFE]: The input validation script (
scripts/validate_input.py) performs integrity checks on insurance data without employing dangerous dynamic execution patterns likeeval()orexec(). - [PROMPT_INJECTION]: The skill ingests untrusted data from external insurance materials (IDs, application forms, health reports). This creates an indirect prompt injection surface where adversarial text within processed documents could attempt to influence agent behavior, although the skill includes 'Compliance Constraints' to mitigate operational risks.
Audit Metadata