fhir-hl7-validator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH. Findings: NO_CODE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [NO_CODE] (LOW): The skill contains no executable scripts or binaries. It relies entirely on the agent's internal logic to interpret the provided Markdown instructions for data validation.
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its core function of processing untrusted external content.
      • Ingestion points: Data is ingested through commands such as 'validate-fhir ' and 'validate-hl7 ' as specified in SKILL.md.
      • Boundary markers: Absent; the instructions do not define delimiters or provide warnings for the agent to ignore natural language instructions found inside the healthcare data files.
      • Capability inventory: The agent has the capability to write output to the filesystem via the '--output' flag and generate reports based on the data.
      • Sanitization: Absent; there are no instructions to sanitize, escape, or validate the content of the healthcare records before the agent processes them.
  • [DATA_EXFILTRATION] (MEDIUM): The skill's '--terminology-check' feature explicitly enables 'online lookup'. While intended for legitimate terminology validation (e.g., SNOMED CT), this network capability could be exploited via indirect prompt injection to exfiltrate sensitive data to an attacker-controlled terminology endpoint.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:54 AM