digital-health-clinical-asr-eval
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transcribes audio clips by sending them to
grpc.nvcf.nvidia.com. This is a disclosed operation targeting a well-known service infrastructure. - [COMMAND_EXECUTION]: The skill includes Python scripts in the
references/directory for audio transcription and metric scoring. These scripts use standard libraries and are intended to be run by the agent using its local tools. - [PROMPT_INJECTION]: The skill processes untrusted text from
manifest.jsonlfiles as transcription references. Analysis of the capability tier and sanitization logic (normalization and regex-based filtering) indicates this surface is handled safely. - [SAFE]: The skill implements integrity verification via a digital signature bundle (
skill.oms.sig) and provides clear safety disclosures and workflow routing to help users avoid common pitfalls.
Audit Metadata