insurance-underwriting-health-verification
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires
agentscopeanddashscopePython packages. These are official libraries from the skill's author, Aliyun (Alibaba Cloud), used for building AI agents and accessing Large Language Model APIs. - [PROMPT_INJECTION]: The skill processes untrusted data from medical documents (via OCR) and voice recordings (via ASR) to perform risk assessments. The absence of explicit boundary markers or instructions to isolate this data creates a surface for indirect prompt injection, where malicious content embedded in a document could attempt to subvert the agent's underwriting logic.
- Ingestion points: Untrusted data enters the agent context through tools like
ocr-service.extract_textandasr-service.transcribe_audioas specified in the MCP tool definitions inSKILL.md. - Boundary markers: Absent. The skill instructions do not specify the use of delimiters (such as XML tags or triple quotes) or provide guidance to the agent to treat this external text as purely informational data.
- Capability inventory: The agent has access to several MCP tools for data retrieval and verification, including
customer-system.get_customer_profile,policy-system.verify_policy_status, andunderwriting-system.query_underwriting_rules. - Sanitization: No explicit sanitization, filtering, or validation logic for the content extracted from external documents is defined before it is processed by the model.
Audit Metadata