health-data-analysis
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): High-risk indirect prompt injection surface. Ingestion points: 776 FHIR files, lab PDFs, and XML exports in health/directory. Boundary markers: limited to a textual warning in the markdown; no structural delimiters for external content. Capability inventory: the skill reads medical data to propose supplement protocol changes and interpret clinical trends. Sanitization: no sanitization or validation of the content within the medical records is specified. Maliciously injected instructions in a lab report could lead to dangerous medical advice.
- DATA_EXFILTRATION (HIGH): Sensitive data exposure. The skill definition itself contains specific lab values and diagnoses (e.g., Hashimoto's, high TPO antibodies). Additionally, the skill enables access to a large 1.3 GB local health dataset without technical exfiltration safeguards, creating a high risk if the agent has network access.
Recommendations
- AI detected serious security threats