insurance-agent-customer-profiling
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (
scripts/analyze_profile.pyandscripts/validate_input.py) to process customer data and generate Markdown reports. This is the intended functionality of the skill and uses standard argument parsing for control. - [DATA_EXPOSURE]: The skill is designed to handle Sensitive Personal Information (SPI), including financial income, family structure, health/claim history, and insurance policy details. The logic includes instructions for data masking in reports and requires manual review by a licensed agent, mitigating the risk of automated exposure to unauthorized parties.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection through its ingestion of external data files (JSON/CSV/Excel).
- Ingestion points: Data enters the agent's context through the
--inputfile path in the analysis script and the workflow defined inSKILL.md. - Boundary markers: The skill provides structural templates for output but does not use explicit boundary markers (e.g., XML delimiters) or instructions to ignore embedded commands within user-provided data fields like 'notes' or 'interaction_summary'.
- Capability inventory: The skill possesses the capability to write reports to the local file system and access sensitive customer databases via MCP tools (
customer-system.get_customer_profile, etc.). - Sanitization: The validation script (
scripts/validate_input.py) checks for data types and valid ranges (e.g., age 0-120) but does not sanitize the input for natural language instructions that could influence the agent's subsequent reasoning steps.
Audit Metadata