insurance-agent-client-consulting
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill is designed to collect and process sensitive Personal Identifiable Information (PII), including family structure, financial status, and health information. This data collection is essential and appropriate for the skill's stated purpose as an insurance consulting assistant.
- [COMMAND_EXECUTION]: The skill includes a local validation script
scripts/validate_input.py. This script performs basic logic to ensure required data fields are present in JSON input and does not execute dangerous system commands or perform network operations. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted user input (client descriptions and queries) which could potentially contain prompt injection. However, the skill lacks high-risk capabilities like arbitrary code execution or external network exfiltration, and follows a structured workflow that limits the impact of such injections.
- [CREDENTIALS_UNSAFE]: The
.env.examplefile uses standard placeholders (sk-your-api-key-here) and correctly instructs the user to manage secrets in a separate.envfile, which is a secure practice.
Audit Metadata