insurance-underwriting-conclusion-interpretation
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for insurance professionals to automate the generation of customer-facing underwriting notifications. It incorporates extensive compliance and regulatory checks standard in the insurance industry.
- [DATA_EXFILTRATION]: The skill manages sensitive Personal Identifiable Information (PII) and health data. It contains explicit instructions for the agent to ensure health information and identification numbers are masked or de-identified according to privacy regulations. No unauthorized data transfer, hardcoded credentials, or exfiltration patterns were detected.
- [PROMPT_INJECTION]: The skill identifies a potential indirect prompt injection surface through the ingestion of data from parallel underwriting skills and external systems via MCP tools. 1. Ingestion points: Data is collected in Step 1 and via the
underwriting-system.get_underwriting_decisiontool. 2. Boundary markers: Explicit security delimiters for ingested data are absent in the prompt templates. 3. Capability inventory: The skill generates formal notification text and calls thenotification-system.generate_notificationMCP tool. 4. Sanitization: The skill implements business-logic compliance filtering (e.g., checking for discriminatory language or prohibited expressions) which provides a layer of validation.
Audit Metadata