clinical-decision-support
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly exposed to indirect prompt injection because it processes external, untrusted clinical data (patient descriptions, cohort parameters) to generate medical advice and professional documents. Maliciously crafted input could influence the agent's reasoning or subvert clinical guidelines. Evidence: README.md and example_gbm_cohort.md show the agent ingesting complex clinical scenarios to determine treatment paths without explicit boundary markers or input sanitization.
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill references several Python scripts (e.g., generate_survival_analysis.py, validate_cds_document.py) for statistical analysis and document validation. Executing these scripts with arguments derived from untrusted user input presents a risk of command or argument injection.
- [Dynamic Execution] (MEDIUM): Generating the LaTeX and TikZ files involves dynamic code construction. Insecure LaTeX configurations (e.g., shell escape enabled) or unsafe YAML loading via the mentioned pyyaml dependency could allow arbitrary code execution on the host system.
Recommendations
- AI detected serious security threats
Audit Metadata