doctorg
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill instructions direct the agent to execute local Python scripts (health_query.py) to query a health database. This involves running shell commands with arguments that vary based on the topic.
- DATA_EXFILTRATION (MEDIUM): The skill systematically accesses highly sensitive personal information, including vitals, heart rate, sleep patterns, and workout history from a local database (health.db). This data is processed and included in the output, creating a high-risk surface for exposure of sensitive health data.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) by ingesting full-text content via Firecrawl without sanitization. Evidence chain:
  1. Ingestion points: WebSearch, Tavily, Firecrawl.
  2. Boundary markers: absent.
  3. Capability inventory: local script execution (health_query.py) and local file access.
  4. Sanitization: absent.
Audit Metadata