medical-soap-note-creation

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process 'unstructured clinical encounter summaries' which are used to generate structured documentation. This creates an attack surface for indirect prompt injection if the input text contains malicious instructions that could manipulate the agent's output or tool usage.
  • Ingestion points: Processes clinical encounter summaries in SKILL.md (Step 1).
  • Boundary markers: Absent. The skill does not provide clear delimiters or instructions to ignore potential commands embedded within the clinical summaries.
  • Capability inventory: The skill instructs the agent to use a write_file operation to save the generated SOAP note to the local file system (SKILL.md Step 3).
  • Sanitization: No input sanitization or validation is implemented to verify the integrity of the clinical summary before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 12:04 PM
Security Audit — agent-trust-hub — medical-soap-note-creation