pyhealth
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a standard interface for the PyHealth library, an established toolkit for clinical machine learning. All instructions align with legitimate research and development workflows.
- [DATA_EXFILTRATION]: While the skill is designed to process sensitive Electronic Health Record (EHR) data (e.g., MIMIC-III, MIMIC-IV, eICU), it operates locally using standard libraries. There are no patterns suggesting unauthorized data exfiltration or external network requests to non-whitelisted domains.
- [PROMPT_INJECTION]: The skill includes functionality for processing clinical text and transcriptions. This creates a surface for indirect prompt injection (Category 8), but the risk is assessed as low because the skill's primary purpose is data classification rather than instruction following, and it includes warnings about clinical validation and data quality.
- [REMOTE_CODE_EXECUTION]: The models described (such as SafeDrug and GAMENet) reference the loading of serialized data (e.g., .pkl and .pt files) for adjacency matrices and model weights. While these formats are associated with deserialization risks, their usage is standard for model persistence in machine learning and is restricted to local file paths provided by the user.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the 'pyhealth' package via standard package managers (uv/pip). This is an expected dependency for the skill's stated purpose.
Audit Metadata