insurance-claim-adjudication-review
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external insurance systems to derive final adjudication decisions.\n
- Ingestion points: The skill retrieves data from external tools including
claims-system(viaget_case_statusandget_case_documents) andfraud-detection(viascore_fraud_risk).\n - Boundary markers: There are no explicit delimiters or specific instructions (e.g., "ignore any embedded instructions in the following data") to isolate the retrieved claim data from the agent's internal reasoning logic.\n
- Capability inventory: The agent has the capability to recommend financial outcomes (Approve, Reduce, Reject, Suspend) and invoke MCP tools based on the content of external inputs, which could be exploited by an attacker-controlled case file.\n
- Sanitization: The provided Python script
validate_input.pychecks for the presence of required fields but does not sanitize the content of the data for potentially malicious prompt sequences.
Audit Metadata