regulatory-affairs-head
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security threats were detected. The skill is designed to provide regulatory guidance and management for medical device manufacturers.
- [COMMAND_EXECUTION]: The skill includes a Python script (
scripts/regulatory_tracker.py) intended to track submission statuses locally. The script utilizes standard library modules (json,datetime,dataclasses,enum) and performs only local file operations onregulatory_submissions.json. It does not execute arbitrary shell commands, access sensitive system paths, or perform network requests. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes external product information and stakeholder inputs to develop regulatory strategies.
- Ingestion points: Product intended use, technology details, and target markets gathered in the 'New Product Regulatory Strategy' workflow (SKILL.md).
- Boundary markers: None identified.
- Capability inventory: Local file write capability through the
scripts/regulatory_tracker.pytool. - Sanitization: No explicit sanitization or input validation logic is present in the skill instructions.
- Analysis: The injection surface is limited to low-impact local tracking and strategy generation, with no high-privilege capabilities exposed to potential attackers via these inputs.
Audit Metadata