insurance-agent-plan-generator
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious code or exfiltration patterns were detected. The skill performs legitimate insurance calculations and document generation tasks.
- [DATA_EXPOSURE]: The
TEST.mdfile contains local development filesystem paths (e.g.,/Users/zhangjia/Documents/...). This is a best-practice violation regarding metadata cleanliness but does not pose a security threat to users. - [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection as it processes untrusted data (from manual entry and file imports) within the
templates/plan_sections.mdprompt. However, the risk is mitigated by explicit compliance instructions that prohibit the use of deceptive financial terms and mandate disclaimers. - Ingestion points: Untrusted data enters via manual HTML forms (
assets/data-input-form.html), file imports (demo-data/demo_plan_input.json), and outputs from related skills. - Boundary markers: Missing. Data is interpolated into placeholders like
{customer_summary}without strict delimiters. - Capability inventory: The skill has file-write capabilities (
lib/generate_plan.py) via thepython-docxlibrary. - Sanitization: Basic input validation is provided in
scripts/validate_input.py, and the prompt template includes negative constraints (e.g., forbidding terms like "guarantee" or "zero risk").
Audit Metadata