insurance-underwriting-health-verification

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires agentscope and dashscope Python packages. These are official libraries from the skill's author, Aliyun (Alibaba Cloud), used for building AI agents and accessing Large Language Model APIs.
  • [PROMPT_INJECTION]: The skill processes untrusted data from medical documents (via OCR) and voice recordings (via ASR) to perform risk assessments. The absence of explicit boundary markers or instructions to isolate this data creates a surface for indirect prompt injection, where malicious content embedded in a document could attempt to subvert the agent's underwriting logic.
  • Ingestion points: Untrusted data enters the agent context through tools like ocr-service.extract_text and asr-service.transcribe_audio as specified in the MCP tool definitions in SKILL.md.
  • Boundary markers: Absent. The skill instructions do not specify the use of delimiters (such as XML tags or triple quotes) or provide guidance to the agent to treat this external text as purely informational data.
  • Capability inventory: The agent has access to several MCP tools for data retrieval and verification, including customer-system.get_customer_profile, policy-system.verify_policy_status, and underwriting-system.query_underwriting_rules.
  • Sanitization: No explicit sanitization, filtering, or validation logic for the content extracted from external documents is defined before it is processed by the model.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:41 AM
Security Audit — agent-trust-hub — insurance-underwriting-health-verification