insurance-agent-plan-generator

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious code or exfiltration patterns were detected. The skill performs legitimate insurance calculations and document generation tasks.
  • [DATA_EXPOSURE]: The TEST.md file contains local development filesystem paths (e.g., /Users/zhangjia/Documents/...). This is a best-practice violation regarding metadata cleanliness but does not pose a security threat to users.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection as it processes untrusted data (from manual entry and file imports) within the templates/plan_sections.md prompt. However, the risk is mitigated by explicit compliance instructions that prohibit the use of deceptive financial terms and mandate disclaimers.
  • Ingestion points: Untrusted data enters via manual HTML forms (assets/data-input-form.html), file imports (demo-data/demo_plan_input.json), and outputs from related skills.
  • Boundary markers: Missing. Data is interpolated into placeholders like {customer_summary} without strict delimiters.
  • Capability inventory: The skill has file-write capabilities (lib/generate_plan.py) via the python-docx library.
  • Sanitization: Basic input validation is provided in scripts/validate_input.py, and the prompt template includes negative constraints (e.g., forbidding terms like "guarantee" or "zero risk").
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:40 AM
Security Audit — agent-trust-hub — insurance-agent-plan-generator