clinical-decision-support
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process external patient and clinical data to generate reports, creating an attack surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent's context through CSV, JSON, and text files processed by scripts such as biomarker_classifier.py, generate_survival_analysis.py, and build_decision_tree.py.
  - Boundary markers: Absent. The skill instructions do not specify the use of delimiters or warnings to the agent to ignore potentially malicious instructions embedded within the clinical data.
  - Capability inventory: The skill has access to the Bash, Write, Edit, and Read tools, providing a broad set of capabilities that could be exploited if an injection occurs.
  - Sanitization: While the skill includes a validate_cds_document.py script, it focuses on medical quality and HIPAA compliance rather than sanitizing input against code or prompt injection.
- [COMMAND_EXECUTION]: The SKILL.md file instructs the agent to execute a shell command (python scripts/generate_schematic.py) using natural language descriptions. If these descriptions are derived from untrusted user input without proper escaping, it presents a risk of command injection.
- [COMMAND_EXECUTION]: The script build_decision_tree.py dynamically assembles LaTeX/TikZ code by interpolating user-provided strings. This creates a vulnerability to LaTeX injection, which could be used to read files or execute unintended logic if the resulting document is compiled in a privileged environment.
Audit Metadata