skills/wu-yc/labclaw/clinical-reports/Gen Agent Trust Hub

clinical-reports

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the Bash tool to execute internal Python scripts (e.g., scripts/generate_schematic.py) using input strings provided by the user as arguments. This pattern is susceptible to command and argument injection if the input is not strictly validated before being passed to the shell.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) when processing medical records and lab results.
  • Ingestion points: Untrusted external data, including patient history, diagnostic findings, and clinical trial results, is ingested into the agent context.
  • Boundary markers: The skill lacks explicit boundary markers or 'ignore embedded instructions' warnings for the external data it processes.
  • Capability inventory: The agent has high-privilege tool access via Bash, Write, and Edit.
  • Sanitization: There is no evidence of sanitization or structural validation for the clinical text processed by the agent or its associated scripts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 04:33 AM