skills/jeremylongshore/claude-code-plugins-plus-skills/abridge-performance-tuning/Gen Agent Trust Hub
abridge-performance-tuning
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted external data.
  - Ingestion points: Processes raw audio buffer data in `audio-optimizer.ts` and fetches clinical note content from API responses in `note-pipeline.ts`.
  - Boundary markers: No delimiters or instructions are used to distinguish data from command context within the processed snippets.
  - Capability inventory: The skill performs network operations including WebSocket transmissions (`ws.send`) and HTTP POST requests to FHIR endpoints (`fhirClient.post`).
  - Sanitization: No sanitization or validation of the ingested data is performed before it is used in downstream operations.
- [DATA_EXFILTRATION]: The skill performs network operations to Abridge and FHIR API endpoints. These operations are consistent with the skill's stated purpose of healthcare AI integration. The implementation follows security best practices by referencing sensitive endpoint URLs via environment variables (`process.env.EPIC_FHIR_BASE_URL`) rather than hardcoding them.
Audit Metadata