deepread-medical
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits local document data to api.deepread.tech. This is the core functionality required for medical record extraction and is directed to the vendor's own API.
- [EXTERNAL_DOWNLOADS]: Fetches processed document files from the vendor's domain after redaction tasks are complete.
- [PROMPT_INJECTION]: The processing of external clinical documents constitutes an indirect prompt injection surface.
- Ingestion points: The skill reads local PDF documents (e.g., patient_record.pdf) in SKILL.md for transmission to the API.
- Boundary markers: No delimiters or warnings are present in the provided examples to isolate document content from the agent's instructions.
- Capability inventory: The skill performs network operations (POST/GET) and writes files to the filesystem in SKILL.md.
- Sanitization: There is no explicit sanitization of the structured data returned from the API before it is processed or displayed.
Audit Metadata