insurance-claim-fraud-detection
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is well-structured and focuses on legitimate business logic for the insurance domain.
- [PROMPT_INJECTION]: The skill ingests untrusted external data in the form of claim materials (medical records, invoices). While it lacks explicit boundary markers to prevent the model from following instructions embedded in these documents (Indirect Prompt Injection surface), this is a common characteristic of data-processing skills. The risk is mitigated by the structured analytical workflow and scoring system.
- [CREDENTIALS_UNSAFE]: The skill uses a
.env.examplefile to guide users in setting theDASHSCOPE_API_KEY. It uses a safe placeholder value (sk-your-api-key-here) and follows best practices for secret management by recommending the use of environment variables. - [EXTERNAL_DOWNLOADS]: Dependencies listed in
requirements.txt(agentscope,dashscope) are standard, well-known libraries associated with the vendor's ecosystem (Alibaba Cloud).
Audit Metadata