hipaa-compliance

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill was evaluated for malicious patterns across all threat categories. It consists of Markdown-based documentation and templates without any associated scripts, executables, or network-enabled tools.
  • [PROMPT_INJECTION]: Instructions in SKILL.md were analyzed for attempts to override agent safety or extract internal state. The skill instead enforces strict safety gates (the 'Safety & Compliance Gate') and clear task boundaries, explicitly forbidding the weakening of security safeguards or the provision of legal advice.
  • [DATA_EXFILTRATION]: No network operation commands or sensitive file path access were identified. The instructions specifically caution against writing protected health information (PHI) to agent memory and emphasize that real PHI should never be pasted into prompts.
  • [SAFE]: The surface for indirect prompt injection was evaluated:
      • Ingestion points: The skill processes user-provided compliance documents and system descriptions as described in SKILL.md §2.
      • Boundary markers: The skill instructs the agent to confirm the task type and PHI status using structured templates, although it does not use explicit XML/JSON delimiters for all inputs.
      • Capability inventory: No subprocess calls, file-write, or network operations are present in any of the skill's files.
      • Sanitization: Instructions in SKILL.md §0 explicitly require the user to sanitize data and confirm the environment is HIPAA-compliant before the agent processes any information.
  • [EXTERNAL_DOWNLOADS]: The skill refers only to internal documentation and templates. The installation instructions provided for users in the README.md use standard package management tools to reference the author's own verified repository.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 20, 2026, 01:57 AM