travel-health-analyzer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION NO_CODE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes structured medical and travel data from local files, creating a surface for indirect prompt injection. Mandatory Evidence Chain:
      1. Ingestion points: Data is read from 'data/travel-health-tracker.json' and 'data-example/travel-health-tracker.json'.
      2. Boundary markers: Absent; the instructions do not define delimiters to separate data from system instructions during processing.
      3. Capability inventory: The skill is authorized to use 'Read', 'Write', 'Grep', and 'Glob', which allows it to read or overwrite local configuration and log files.
      4. Sanitization: No validation or sanitization logic is defined for the ingested JSON content.
  • [Data Exposure & Exfiltration] (SAFE): The skill explicitly mentions handling sensitive PII like passport numbers and medical records. However, because the 'allowed-tools' are limited to local file system operations and no network tools (e.g., curl, fetch) are present, the risk of automated data exfiltration is mitigated.
  • [No Code] (SAFE): The skill consists entirely of YAML metadata and Markdown instructions. It does not include Python scripts, Node.js modules, or other executable binaries, reducing the risk of traditional malware or RCE.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:38 PM