clinical-decision-support
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill's diagram generation utility in
scripts/generate_schematic_ai.pyis susceptible to indirect prompt injection. It accepts user-supplied descriptions and interpolates them directly into prompts sent to secondary AI models for review and refinement without using boundary markers or sanitization. This could allow maliciously crafted input to influence the AI model's output or potentially leak context. - Ingestion points: User-provided
promptargument inscripts/generate_schematic_ai.py. - Boundary markers: Absent in the
review_promptandimproved_prompttemplates. - Capability inventory: Subprocess execution (via wrapper) and file system writes (images and logs).
- Sanitization: No input validation or filtering of the prompt text is performed before interpolation.
- [COMMAND_EXECUTION]: The script
scripts/generate_schematic.pyusessubprocess.runto execute a localized helper script. While it processes user-provided text as an argument, it employs a list-based argument passing method (as opposed to a shell string), which prevents shell-level command injection and is considered a safe implementation of subprocess calls. - [EXTERNAL_DOWNLOADS]: The
scripts/generate_schematic_ai.pyscript makes network requests to the OpenRouter API (openrouter.ai) to utilize remote AI models for schematic generation. Although this is a core intended feature, it requires an external API key and transmits user-defined content to a third-party service.
Audit Metadata