healthcare-monitor
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external, untrusted data (business records and news snippets) and passes them into LLM prompts for analysis.
  - Ingestion points: Scraped content from various platforms enters the system via `scripts/funding_detector_v2.py` and is evaluated by the LLM in `scripts/analyzer.py` (using the `analyze_with_llm` function).
  - Boundary markers: The prompt construction in `scripts/analyzer.py` lacks clear delimiters or instructions to ignore potential commands embedded within the enterprise data.
  - Capability inventory: The skill has capabilities including network operations (scraping and notifications), file writing (reports and snapshots), and subprocess execution (credential retrieval via `pass` and notification pushing).
  - Sanitization: No sanitization or escaping of external content before interpolation into prompts was identified in the source code.
Audit Metadata