genai-services

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns detected. The skill follows security best practices by providing logic for redacting sensitive healthcare information (PHI/PII) before it is sent to external services.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill provides explicit patterns and warnings against transmitting sensitive identifiers (MRN, SSN, patient names) to remote APIs, recommending a secure local mapping strategy instead.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external text (medical notes) via GenAI endpoints (genai_client.chat). While it includes redaction and validation logic, it presents a standard ingestion surface for untrusted data.
      • Ingestion points: The text parameter in truncate_for_model, redact_phi, and the resulting prompt in generate_with_backoff in SKILL.md.
      • Boundary markers: None identified in the prompt interpolation logic.
      • Capability inventory: Network access via oci.generative_ai_inference.GenerativeAiInferenceClient.chat.
      • Sanitization: Includes regex-based redaction for MRNs and SSNs, and a response validation function to check for hallucination markers.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 10:13 AM