create-soap-note
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because it processes untrusted clinical data without adequate isolation.\n
- Ingestion points: Patient demographics and clinical findings mentioned in the workflow (SKILL.md).\n
- Boundary markers: Absent. The template does not use delimiters to distinguish untrusted data from the agent's instructions.\n
- Capability inventory: The skill performs file system write operations to save notes (SKILL.md).\n
- Sanitization: Absent. The skill lacks instructions for validating or escaping clinical data before processing.\n- [DATA_EXFILTRATION]: The skill workflow recommends using a
<patient_id>in the filename for saved notes. This practice leads to the exposure of sensitive Protected Health Information (PHI) within file system metadata, which may be accessible to other processes or recorded in system logs.
Audit Metadata