healthcare-ui-design
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines patterns for handling untrusted user data in medical contexts, creating a potential surface for indirect prompt injection if processed by an agent.
- Ingestion points: User input enters the system through patient records (references/patient-records-ui.md), secure messaging (references/communication-outreach-ui.md), and pre-appointment screening questionnaires (references/scheduling-telemedicine-ui.md).
- Boundary markers: The instructions recommend using plain language and tokens like
{patient_name}, but they do not specify LLM-specific delimiters or instructions to ignore embedded commands within these data fields. - Capability inventory: The skill provides templates for UI generation, API integration, and data visualization, but it does not execute arbitrary shell commands or provide direct file system access.
- Sanitization: The skill demonstrates security best practices such as using
htmlspecialcharsin PHP (references/web-implementation.md) andEncryptedSharedPreferenceson Android (references/compliance-accessibility.md) to sanitize and protect data at the application layer.
Audit Metadata