medical-advisory

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust advisory framework focused on medical information retrieval. It utilizes official MCP tools for academic research and clinical evidence gathering (PubMed, OpenAlex, Metaso).
  • [SAFE]: The provided Python scripts (evidence-mining.py, protocol-generator.py, risk-assessment.py, and tcm-diagnosis.py) perform local data processing and simulation logic. They do not involve network requests, sensitive file access, or dangerous system-level operations.
  • [SAFE]: The skill includes explicit medical disclaimers and constraints in SKILL.md, clearly stating that recommendations are for reference only and that users must consult a doctor for actual prescriptions.
  • [PROMPT_INJECTION]: The ingestion of untrusted user data, such as symptoms and laboratory results (described in SKILL.md under '阶段 1', i.e. Stage 1), presents a potential surface for indirect prompt injection. The scripts contain no explicit boundary markers or sanitization logic for this input, but the risk is limited by the skill's narrow toolset, which is restricted primarily to information retrieval.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 11:11 AM