insurance-agent-client-consulting

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill is designed to collect and process sensitive Personal Identifiable Information (PII), including family structure, financial status, and health information. This data collection is essential and appropriate for the skill's stated purpose as an insurance consulting assistant.
  • [COMMAND_EXECUTION]: The skill includes a local validation script scripts/validate_input.py. This script performs basic logic to ensure required data fields are present in JSON input and does not execute dangerous system commands or perform network operations.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted user input (client descriptions and queries) which could potentially contain prompt injection. However, the skill lacks high-risk capabilities like arbitrary code execution or external network exfiltration, and follows a structured workflow that limits the impact of such injections.
  • [CREDENTIALS_UNSAFE]: The .env.example file uses standard placeholders (sk-your-api-key-here) and correctly instructs the user to manage secrets in a separate .env file, which is a secure practice.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:40 AM
Security Audit — agent-trust-hub — insurance-agent-client-consulting