healthcare-audit-logger
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of Markdown and JSON metadata. No executable scripts (.py, .js, .sh), binaries, or configuration files capable of performing actions were found.
- [COMMAND_EXECUTION] (SAFE): While the skill defines a command-line interface (CLI) structure in
SKILL.md(e.g.,init,log,export), these are instructional templates for the agent and are not backed by any functional code that would execute on the host system. - [DATA_EXFILTRATION] (SAFE): No hardcoded credentials, sensitive file path access, or network requests to external domains were detected. The skill outlines PHI tracking conceptually but does not implement data access logic.
- [PROMPT_INJECTION] (SAFE): The instructions in
SKILL.mdare descriptive and focused on compliance workflows. There are no attempts to override agent safety filters, extract system prompts, or utilize jailbreak patterns. - [EXTERNAL_DOWNLOADS] (SAFE): No package manifests (
requirements.txt,package.json) or remote download patterns (e.g.,curl | bash) were identified. - [INDIRECT_PROMPT_INJECTION] (SAFE):
- Ingestion points: Untrusted data could enter via the
<details>or<action>parameters in the documentedlogcommands inSKILL.md. - Boundary markers: Absent; no delimiters are suggested for isolating log details.
- Capability inventory: No active capabilities (subprocess, file-write) are implemented in this skill.
- Sanitization: Absent; the skill does not provide logic for sanitizing log input.
- Note: Because no code is shipped, this category is marked SAFE as there is no functional vulnerability.
Audit Metadata