tooluniverse-rare-disease-diagnosis

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE (flagged category: PROMPT_INJECTION)

Full Analysis
  • [PROMPT_INJECTION]: The skill processes clinical descriptions and symptom lists provided by the user. This data is incorporated into tool queries and generated reports without explicit boundary markers or delimiters. This creates a theoretical surface for indirect prompt injection, where a malicious user could attempt to influence agent behavior through crafted symptom names.
      - Ingestion points: Symptom descriptions and patient features provided by users in Phase 1 (symptoms_list) and referenced throughout the diagnostic workflow.
      - Boundary markers: No specific delimiters or instructions to ignore embedded instructions were identified for user-provided clinical data.
      - Capability inventory: The skill uses extensive network access via specialized medical APIs and can write several data and report files to the local environment.
      - Sanitization: No explicit sanitization or validation of clinical terms was observed before the data is passed to external research tools or included in report outputs.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with numerous well-known and trusted scientific resources, including the National Center for Biotechnology Information (NCBI) PubMed, the Orphanet rare disease database, and the OMIM catalog. These interactions are legitimate, necessary for the skill's stated purpose, and involve recognized academic and medical institutions.
  • [DATA_EXFILTRATION]: No unauthorized data transmission was detected. The skill manages API keys for external services through environment variables and only communicates with established and reputable biomedical service providers.
  • [COMMAND_EXECUTION]: No evidence of arbitrary command execution, privilege escalation attempts, or unauthorized persistence mechanisms was found within the skill's instructions or code snippets.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 8, 2026, 12:32 PM