insurance-claim-adjustment

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests data from external sources including the claims system, policy system, and medical reviews. This creates a surface for indirect prompt injection where malicious instructions could be embedded in the processed insurance documents.
  • Ingestion points: Data is retrieved using claims-system.get_case_documents, claims-system.get_case_status, and policy-system.query_policy via MCP calls.
  • Boundary markers: The workflow utilizes structured Markdown report templates but does not include explicit instructions to ignore instructions found within external data content.
  • Capability inventory: The skill has the capability to perform network operations through MCP (calculation-engine.calculate_settlement) and write audit logs to the local filesystem.
  • Sanitization: The skill includes mandatory PII de-identification guidelines and business logic validation (e.g., verifying that amount = unit price * quantity).
  • [COMMAND_EXECUTION]: The skill utilizes a local Python script scripts/validate_input.py to perform structural validation of JSON inputs. While the script's logic is benign and uses standard libraries, its execution during the workflow represents a command execution pattern.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:40 AM
Security Audit — agent-trust-hub — insurance-claim-adjustment