ai-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill accesses highly sensitive health data, including medical history, medication records, and allergy information (e.g., data/index.json, data/medications.json, data/allergies.json). While no external network tools are explicitly enabled, the ingestion of PHI into the agent context presents a privacy risk if the agent's output is logged or redirected.
- [Indirect Prompt Injection] (LOW): The skill processes data from multiple external sources that could be influenced by a user or attacker to override agent behavior.
  - Ingestion points: Data enters through data-example/fitness-tracker.json, data-example/sleep-tracker.json, and data-example/mental-health-tracker.json.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill definition.
  - Capability inventory: The agent has Read, Write, Grep, and Glob capabilities, which could be exploited if an injection is successful.
  - Sanitization: There is no evidence of data sanitization or validation for the health tracker files.
- [Dynamic Execution] (LOW): The skill documentation mentions calling an external script, scripts/generate_ai_report.py, for report generation. Although a Python execution tool is not in the allowed-tools list, the reliance on external scripts for core functionality introduces a secondary execution path that is not fully transparent in the skill's defined toolset.
Audit Metadata