medical-bill-organizer
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to automate the classification and data extraction of medical records and invoices, which is consistent with its stated purpose.
- [SAFE]: Document classification logic (e.g., identifying ID cards, bank cards, and various medical forms) is performed via OCR keywords without evidence of data exfiltration to unauthorized third parties.
- [SAFE]: The skill utilizes a vendor-provided tool (qianfanocr-document-intelligence) for OCR tasks, which is expected behavior for an agent skill authored by baidubce.
- [SAFE]: Indirect Prompt Injection Surface: The skill ingests untrusted data from user-supplied folders and archives (SKILL.md). While explicit boundary markers and sanitization methods are not defined in the instructions, the agent's capabilities are restricted to document organization and structured CSV generation, minimizing the risk of exploitation. (Ingestion: folder/archive paths; Boundaries: absent; Capabilities: file organization and CSV writing; Sanitization: absent).
Audit Metadata