insurance-claim-medical-review

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface when processing user-uploaded images.
  • Ingestion points: Text extracted via OCR from images of prescriptions and medical records is stored in the context variable in lib/drug_indication.py.
  • Boundary markers: The DRUG_INDICATION_PROMPT in lib/drug_indication.py interpolates the extracted text directly into the prompt without utilizing delimiters or specific instructions to the model to ignore any adversarial instructions embedded within the extracted text.
  • Capability inventory: The skill's capabilities are limited to generating a structured medical review report. It does not have access to tools that perform arbitrary command execution or non-vendor network operations.
  • Sanitization: No sanitization or escaping is performed on the text extracted from the images before interpolation into the final prompt.
  • [COMMAND_EXECUTION]: The skill accesses local files (images) using the file:// protocol in lib/llm_client.py to send them to the DashScope vision API. This behavior is restricted by the validate_image_paths utility in lib/image_utils.py, which ensures files exist and have valid image extensions (.jpg, .png, etc.), aligning with the skill's primary function of document analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 02:29 PM
Security Audit — agent-trust-hub — insurance-claim-medical-review