hipaa-phi-inventory
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides structured documentation and automated checks for HIPAA compliance with no evidence of malicious intent or hidden payloads.
- [PROMPT_INJECTION]: Analysis of SKILL.md and supporting markdown files revealed no instructions attempting to bypass safety filters, override agent behavior, or extract system prompts.
- [DATA_EXFILTRATION]: No network operations (curl, requests, etc.) or hardcoded credentials were found. The skill does not access sensitive local configuration paths like SSH keys or AWS credentials.
- [REMOTE_CODE_EXECUTION]: The Python script in
scripts/process.pyrelies exclusively on standard library modules (json, sys, datetime). It does not download external packages or execute remote code. - [COMMAND_EXECUTION]: There are no attempts to execute arbitrary shell commands, perform privilege escalation (sudo), or establish persistence on the host system.
- [OBFUSCATION]: No Base64-encoded instructions, zero-width characters, or homoglyph-based deceptions were identified in the source files.
- [DYNAMIC_EXECUTION]: The logic in the Python script is static and focuses on auditing structured JSON data; it contains no dangerous functions like eval(), exec(), or unsafe deserialization.
Audit Metadata