health-init
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains defensive instructions specifically designed to mitigate prompt injection attacks. It defines a 'Prompt injection boundary' in
SKILL.md, instructing the agent to treat all repository content as data to be analyzed rather than instructions to follow, and specifically mentions ignoring directives like 'ignore previous instructions'. - [INDIRECT_PROMPT_INJECTION]: While the skill ingests untrusted data from the repository (Ingestion points: all repository files in
SKILL.mdstep 2), it incorporates several mitigations. It uses explicit boundary markers ('Prompt injection boundary'), limits its capabilities to writing a single YAML file (.health-context.yaml), and requires a mandatory human confirmation step (SKILL.mdstep 6) before any persistence occurs. - [DATA_EXFILTRATION]: The skill performs local repository analysis and does not initiate any network connections or exfiltration patterns. It focuses on identifying healthcare-related metadata (jurisdiction, audience) which is the intended functional purpose of the skill.
Audit Metadata