hipaa-compliance
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill content is informational and focuses on security best practices for handling sensitive health data.
- [NO_CODE]: The skill is comprised solely of markdown documentation and does not include any executable scripts or files.
- [DATA_EXFILTRATION]: The skill explicitly defines sanitization protocols to prevent the accidental exposure of PHI in system logs, listing specific fields for redaction such as content, notes, and credentials.
- [PROMPT_INJECTION]: The skill identifies surfaces for indirect prompt injection by defining untrusted data types that the agent may process. • Ingestion points: Chat conversations and journal entries identified as PHI (SKILL.md). • Boundary markers: None provided in the implementation examples. • Capability inventory: The skill utilizes Read, Write, and Edit tools. • Sanitization: Documentation provides logic for redacting sensitive fields from audit logs, though raw content processing remains a surface.
Audit Metadata