insurance-policy-faq-explainer

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits insurance policy data (links, text, and files) to https://ai-skills.ai for processing. This is the intended functionality of the skill as it uses the vendor's remote API.
  • [COMMAND_EXECUTION]: The provided Python runner (scripts/run.py) uses standard libraries to facilitate API communication. It does not execute arbitrary shell commands or access sensitive local files.
  • [PROMPT_INJECTION]: The skill processes untrusted external data (insurance documents and web links), which creates a standard attack surface for indirect prompt injection.
  • Ingestion points: User-provided inputs policyClauseText, policyDocumentFile, and insurerPageLink (documented in SKILL.md and references/form-schema.json).
  • Boundary markers: None explicitly defined in the provided instructions to isolate user content.
  • Capability inventory: The skill uses a Python script (scripts/run.py) to perform network operations (POST requests) to the vendor's API.
  • Sanitization: No specific sanitization or filtering logic is visible in the provided files.
  • Note: This is an inherent characteristic of skills that analyze external content and is generally mitigated by the underlying AI provider's safety filters.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — insurance-policy-faq-explainer