mfds-safety
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices for credential management by explicitly directing that sensitive API keys (DATA_GO_KR_API_KEY, FOODSAFETYKOREA_API_KEY) remain on the proxy server and should not be hardcoded within the skill or user configuration.
- [SAFE]: The skill manages potential indirect prompt injection risks associated with processing user-provided symptom descriptions and medication names. While it lacks explicit boundary markers for data interpolation, it enforces strong safety constraints by forbidding diagnosis and requiring the agent to strictly summarize official government documentation.
- Ingestion points: User input for symptoms, drug names, and food items processed in SKILL.md for API querying.
- Boundary markers: None identified.
- Capability inventory: Network operations limited to GET requests via the k-skill-proxy endpoints.
- Sanitization: Relies on natural language instructions to limit output to official text summaries; no explicit input filtering is described.
- [SAFE]: The skill implements a comprehensive medical safety workflow, including a 'Mandatory interview first' policy and a 'Red flag' detection mechanism that immediately halts data processing to prioritize 119/emergency service referrals.
Audit Metadata