insurance-claim-medical-review
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface when processing user-uploaded images.
- Ingestion points: Text extracted via OCR from images of prescriptions and medical records is stored in the
contextvariable inlib/drug_indication.py. - Boundary markers: The
DRUG_INDICATION_PROMPTinlib/drug_indication.pyinterpolates the extracted text directly into the prompt without utilizing delimiters or specific instructions to the model to ignore any adversarial instructions embedded within the extracted text. - Capability inventory: The skill's capabilities are limited to generating a structured medical review report. It does not have access to tools that perform arbitrary command execution or non-vendor network operations.
- Sanitization: No sanitization or escaping is performed on the text extracted from the images before interpolation into the final prompt.
- [COMMAND_EXECUTION]: The skill accesses local files (images) using the
file://protocol inlib/llm_client.pyto send them to the DashScope vision API. This behavior is restricted by thevalidate_image_pathsutility inlib/image_utils.py, which ensures files exist and have valid image extensions (.jpg, .png, etc.), aligning with the skill's primary function of document analysis.
Audit Metadata