hipaa-compliance
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill contains no instructions designed to override system prompts, bypass safety filters, or extract system-level information. It strictly adheres to its instructional purpose for HIPAA compliance.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file paths were detected. The skill actively promotes security by providing explicit instructions on sanitizing logs to avoid PHI exposure (e.g., 'Never include actual content!'). It uses internal API endpoints for logging purposes.
- [Remote Code Execution / Unverifiable Dependencies] (SAFE): No external dependencies, package installations, or remote script executions are present. All referenced libraries (e.g., '@/lib/hipaa/audit') appear to be internal project files.
- [Indirect Prompt Injection] (LOW):
  - Ingestion points: Processes sensitive health data, journal entries, and chat conversations.
  - Boundary markers: Uses explicit instructions to separate metadata from PHI content during logging.
  - Capability inventory: Uses 'Read', 'Write', and 'Edit' tools for data management.
  - Sanitization: Mandates manual and automatic redaction of sensitive fields like passwords, tokens, and PHI content.
- [Obfuscation] (SAFE): No encoded content, zero-width characters, or homoglyph attacks were found in the skill text or code snippets.
Audit Metadata