insurance-claim-fraud-detection

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is well-structured and focuses on legitimate business logic for the insurance domain.
  • [PROMPT_INJECTION]: The skill ingests untrusted external data in the form of claim materials (medical records, invoices). While it lacks explicit boundary markers to prevent the model from following instructions embedded in these documents (Indirect Prompt Injection surface), this is a common characteristic of data-processing skills. The risk is mitigated by the structured analytical workflow and scoring system.
  • [CREDENTIALS_UNSAFE]: The skill uses a .env.example file to guide users in setting the DASHSCOPE_API_KEY. It uses a safe placeholder value (sk-your-api-key-here) and follows best practices for secret management by recommending the use of environment variables.
  • [EXTERNAL_DOWNLOADS]: Dependencies listed in requirements.txt (agentscope, dashscope) are standard, well-known libraries associated with the vendor's ecosystem (Alibaba Cloud).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:40 AM
Security Audit — agent-trust-hub — insurance-claim-fraud-detection