insurance-agent-customer-profiling

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts (scripts/analyze_profile.py and scripts/validate_input.py) to process customer data and generate Markdown reports. This is the intended functionality of the skill and uses standard argument parsing for control.
  • [DATA_EXPOSURE]: The skill is designed to handle Sensitive Personal Information (SPI), including financial income, family structure, health/claim history, and insurance policy details. The logic includes instructions for data masking in reports and requires manual review by a licensed agent, mitigating the risk of automated exposure to unauthorized parties.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection through its ingestion of external data files (JSON/CSV/Excel).
  • Ingestion points: Data enters the agent's context through the --input file path in the analysis script and the workflow defined in SKILL.md.
  • Boundary markers: The skill provides structural templates for output but does not use explicit boundary markers (e.g., XML delimiters) or instructions to ignore embedded commands within user-provided data fields like 'notes' or 'interaction_summary'.
  • Capability inventory: The skill possesses the capability to write reports to the local file system and access sensitive customer databases via MCP tools (customer-system.get_customer_profile, etc.).
  • Sanitization: The validation script (scripts/validate_input.py) checks for data types and valid ranges (e.g., age 0-120) but does not sanitize the input for natural language instructions that could influence the agent's subsequent reasoning steps.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:40 AM
Security Audit — agent-trust-hub — insurance-agent-customer-profiling