insurance-claim-adjudication-review

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external insurance systems to derive final adjudication decisions.\n
  • Ingestion points: The skill retrieves data from external tools including claims-system (via get_case_status and get_case_documents) and fraud-detection (via score_fraud_risk).\n
  • Boundary markers: There are no explicit delimiters or specific instructions (e.g., "ignore any embedded instructions in the following data") to isolate the retrieved claim data from the agent's internal reasoning logic.\n
  • Capability inventory: The agent has the capability to recommend financial outcomes (Approve, Reduce, Reject, Suspend) and invoke MCP tools based on the content of external inputs, which could be exploited by an attacker-controlled case file.\n
  • Sanitization: The provided Python script validate_input.py checks for the presence of required fields but does not sanitize the content of the data for potentially malicious prompt sequences.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:40 AM
Security Audit — agent-trust-hub — insurance-claim-adjudication-review