abridge-prod-checklist

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary purpose is to facilitate secure and compliant clinical software deployment. It includes technical validations that enhance security posture, such as ensuring PHI flow is mapped and audit logging is enabled.
  • [COMMAND_EXECUTION]: Includes a Bash script for rollback procedures that utilizes curl to interact with official EHR FHIR endpoints. These operations are well-documented and consistent with the skill's healthcare deployment scope.
  • [EXTERNAL_DOWNLOADS]: The TypeScript validation script performs network health checks against Abridge and Epic services. These requests are restricted to connectivity testing and use URLs provided via environment variables.
  • [DATA_EXFILTRATION]: The skill accesses local .env files to perform a defensive check for hardcoded secrets (e.g., ABRIDGE_CLIENT_SECRET). This is an internal security audit feature designed to prevent accidental credential exposure rather than an exfiltration attempt.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 08:45 AM