family-health-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Threat tags: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to indirect prompt injection through its data ingestion points.
  - Ingestion points: The skill reads from data/family-health-tracker.json, data/hypertension-tracker.json, data/diabetes-tracker.json, and data/profile.json (SKILL.md, Step 2).
  - Boundary markers: None are defined to separate health data from instructions.
  - Capability inventory: Uses the Read, Write, Grep, and Glob tools. It can modify local files and generate complex HTML outputs.
  - Sanitization: There is no evidence of sanitization for the data retrieved from trackers before it is used in risk calculation or report generation.
- [Data Exposure] (HIGH): The skill explicitly targets sensitive personal and medical files, including profile.json and the disease-specific trackers. While no network exfiltration is explicitly coded in the skill definition, the Write permission allows for the aggregation and potential exposure of PHI in generated reports.
- [Dynamic Execution / HTML Injection] (MEDIUM): In Step 7, the skill generates HTML reports including ECharts components. If data from the JSON trackers (such as family member names or condition notes) contains malicious HTML/JS, it could lead to stored XSS or visualization hijacking when the user views the 'Full Version' report.
Recommendations
- AI detected serious security threats
Audit Metadata