insurance-policy-faq-explainer
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits insurance policy data (links, text, and files) to
https://ai-skills.aifor processing. This is the intended functionality of the skill as it uses the vendor's remote API. - [COMMAND_EXECUTION]: The provided Python runner (
scripts/run.py) uses standard libraries to facilitate API communication. It does not execute arbitrary shell commands or access sensitive local files. - [PROMPT_INJECTION]: The skill processes untrusted external data (insurance documents and web links), which creates a standard attack surface for indirect prompt injection.
- Ingestion points: User-provided inputs
policyClauseText,policyDocumentFile, andinsurerPageLink(documented inSKILL.mdandreferences/form-schema.json). - Boundary markers: None explicitly defined in the provided instructions to isolate user content.
- Capability inventory: The skill uses a Python script (
scripts/run.py) to perform network operations (POST requests) to the vendor's API. - Sanitization: No specific sanitization or filtering logic is visible in the provided files.
- Note: This is an inherent characteristic of skills that analyze external content and is generally mitigated by the underlying AI provider's safety filters.
Audit Metadata