hipaa-guardian

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides defensive security and compliance auditing capabilities. No evidence of malicious prompt injection, data exfiltration, or unauthorized command execution was found.
  • [DATA_EXFILTRATION]: No network activity or data exfiltration patterns were detected. All processing of sensitive data (scanning and hashing) is performed locally within the provided Python scripts.
  • [CREDENTIALS_UNSAFE]: While the skill's documentation and reference files contain examples of authentication patterns (e.g., JWT secret placeholders), no hardcoded production secrets or credentials were found in the functional scripts.
  • [COMMAND_EXECUTION]: Command execution is limited to the skill's internal logic for auditing security controls and running its own Python-based scanners via a bash pre-commit hook script. These operations are standard for development security tools.
  • [PROMPT_INJECTION]: The instructions provided to the agent focus strictly on the identification and remediation of PHI leakage and do not contain patterns intended to bypass safety filters or override system instructions.
  • [DATA_EXPOSURE]: The skill inherently manages the surface area for indirect prompt injection by advising the agent to treat data as synthetic by default and providing mechanisms for hashing and redacting any detected sensitive information before outputting it.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 12:58 AM