skills/jeremylongshore/claude-code-plugins-plus-skills/checking-hipaa-compliance/Gen Agent Trust Hub
checking-hipaa-compliance
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of reading and analyzing untrusted external files.
  - Ingestion points: The scripts `scripts/config_validator.py`, `scripts/hipaa_scan.py`, and `scripts/report_generator.py` are designed to recursively scan all files in a target directory.
  - Boundary markers: There are no delimiters or instructions in the `SKILL.md` or the Python scripts to differentiate between the agent's instructions and the content being analyzed, nor are there commands to ignore embedded instructions.
  - Capability inventory: The skill is granted extensive permissions, including `Read`, `Write`, `Edit`, and `Bash` command execution, which could be leveraged if an injection occurs.
  - Sanitization: The skill does not implement any mechanisms to sanitize or filter the content of the files it reads before providing that data to the agent's context.
Audit Metadata