sundhed-dk
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions designed to override agent behavior or safety filters were detected. The scripts are functional data parsers.
- Data Exposure & Exfiltration (SAFE): Although the scripts process highly sensitive medical data (e.g., medications, diagnoses, hospital records), they do not contain any network-capable code (e.g., fetch, curl, or socket operations) and do not write to files. Output is restricted to console logging.
- Obfuscation (SAFE): No encoded content, hidden characters, or homoglyphs were found. The code is transparent and well-documented.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The scripts rely solely on the built-in Node.js 'fs' module. No external dependencies are installed, and no dynamic code execution (eval/exec) is used.
- Indirect Prompt Injection (LOW): These scripts transform untrusted external data into text for an AI agent, creating a theoretical injection surface. However, this is inherent to the task of a data parser.
  - Ingestion points: Each script reads JSON from 'fs.readFileSync("/dev/stdin", "utf8")'.
  - Boundary markers: Absent; the output is raw Markdown.
  - Capability inventory: The scripts have no capabilities beyond string manipulation and standard output; they cannot execute commands or access the network.
  - Sanitization: 'parse-henvisninger.js' and 'parse-proevesvar.js' include 'htmlToText' functions that strip HTML tags and replace common entities, providing basic structural sanitization.