revenue-leakage-detection
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill consists entirely of documentation and instructional content with no executable scripts or commands.
- [PROMPT_INJECTION]: No instructions to override agent behavior, bypass safety filters, or extract system prompts were detected.
- [DATA_EXPOSURE_AND_EXFILTRATION]: No sensitive file paths, network operations, or hardcoded credentials were found. The skill documentation correctly identifies the need for HIPAA compliance when handling Protected Health Information (PHI).
- [INDIRECT_PROMPT_INJECTION]: The skill defines ingestion points for untrusted external data (Encounter data, Charge data, Payment data, etc. in SKILL.md) and lacks explicit boundary markers or sanitization guidelines. However, there is no capability inventory (no subprocess calls, network ops, or file-writing) present in the skill, rendering the attack surface inert.
Audit Metadata