insurance-underwriting-conclusion-interpretation

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for insurance professionals to automate the generation of customer-facing underwriting notifications. It incorporates extensive compliance and regulatory checks standard in the insurance industry.
  • [DATA_EXFILTRATION]: The skill manages sensitive Personal Identifiable Information (PII) and health data. It contains explicit instructions for the agent to ensure health information and identification numbers are masked or de-identified according to privacy regulations. No unauthorized data transfer, hardcoded credentials, or exfiltration patterns were detected.
  • [PROMPT_INJECTION]: The skill identifies a potential indirect prompt injection surface through the ingestion of data from parallel underwriting skills and external systems via MCP tools. 1. Ingestion points: Data is collected in Step 1 and via the underwriting-system.get_underwriting_decision tool. 2. Boundary markers: Explicit security delimiters for ingested data are absent in the prompt templates. 3. Capability inventory: The skill generates formal notification text and calls the notification-system.generate_notification MCP tool. 4. Sanitization: The skill implements business-logic compliance filtering (e.g., checking for discriminatory language or prohibited expressions) which provides a layer of validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:41 AM
Security Audit — agent-trust-hub — insurance-underwriting-conclusion-interpretation