insurance-claim-adjustment
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests data from external sources including the claims system, policy system, and medical reviews. This creates a surface for indirect prompt injection where malicious instructions could be embedded in the processed insurance documents.
- Ingestion points: Data is retrieved using
claims-system.get_case_documents,claims-system.get_case_status, andpolicy-system.query_policyvia MCP calls. - Boundary markers: The workflow utilizes structured Markdown report templates but does not include explicit instructions to ignore instructions found within external data content.
- Capability inventory: The skill has the capability to perform network operations through MCP (
calculation-engine.calculate_settlement) and write audit logs to the local filesystem. - Sanitization: The skill includes mandatory PII de-identification guidelines and business logic validation (e.g., verifying that amount = unit price * quantity).
- [COMMAND_EXECUTION]: The skill utilizes a local Python script
scripts/validate_input.pyto perform structural validation of JSON inputs. While the script's logic is benign and uses standard libraries, its execution during the workflow represents a command execution pattern.
Audit Metadata