insurance-agent-health-disclosure-guide

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill integrates with legitimate services and libraries (dashscope, agentscope) consistent with the author's profile.
  • [SAFE]: Detailed compliance constraints are present, explicitly prohibiting the induction of concealment and mandating the protection of sensitive customer data through anonymization.
  • [PROMPT_INJECTION]: Evaluated for indirect prompt injection surface.
  • Ingestion points: Untrusted data enters via the customer_health_info parameter defined in the workflow and processed in SKILL.md.
  • Boundary markers: No explicit delimiters are specified for the interpolation of user health data.
  • Capability inventory: The skill instructions reference file-writing operations for audit logs in the audit/ directory as described in SKILL.md.
  • Sanitization: Input is validated for structural completeness by scripts/validate_input.py, but semantic sanitization of the health information content is not performed.
  • [COMMAND_EXECUTION]: The skill documentation includes a requirement for generating audit logs to a local directory (audit/). This is an expected feature for professional financial tools to maintain a compliance trail.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:40 AM
Security Audit — agent-trust-hub — insurance-agent-health-disclosure-guide