israeli-insurance-comparator
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill requires the agent to collect highly sensitive information, most notably Israeli ID numbers (Teudat Zehut) and full names. While necessary for accurate insurance quotes in Israel, this data collection creates a significant risk of exposure if the agent context or logs are mishandled.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its interaction with external data sources.
- Ingestion points: Data is retrieved from various insurance platforms including car.cma.gov.il, hova.co.il, shukabit.co.il, wobi.co.il, and bestie.co.il using WebFetch.
- Boundary markers: Absent; the instructions do not specify any delimiters or warnings to ignore potential instructions embedded within the fetched content.
- Capability inventory: The skill has access to Bash(python:*) and WebFetch tools, which significantly increases the potential impact of an indirect injection attack if a source is compromised.
- Sanitization: Absent; there is no mention of validating, filtering, or sanitizing the content fetched from external websites before processing.
Audit Metadata