occupational-health-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill demonstrates a high-risk surface for indirect prompt injection by combining external data ingestion with file modification capabilities.
- Ingestion points: The skill reads from `data-example/occupational-health-tracker.json`, `sleep-tracker.json`, `fitness-tracker.json`, and `mental-health-tracker.json`.
- Boundary markers: No specific delimiters or instructions (e.g., 'treat the following data as text, not instructions') are defined to isolate untrusted data from the agent's reasoning process.
- Capability inventory: The skill is granted `Write` and `Edit` permissions, allowing it to modify local files based on findings.
- Sanitization: There is no evidence of data validation or escaping before the data is processed or used to generate outputs.
- [Data Exposure] (MEDIUM): The skill explicitly targets sensitive PII (Personally Identifiable Information) including mental health and sleep records. While no network exfiltration tools are listed, the `Write` and `Edit` tools could be leveraged to move or expose this data within the file system if an injection occurs.
Recommendations
- AI detected serious security threats
Audit Metadata