clinical-decision-support
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is authorized to use the `Bash` tool and calls local Python scripts in the `scripts/` directory to perform statistical analyses (e.g., `generate_survival_analysis.py`, `calculate_statistics.py`) and create scientific visualizations.
- [PROMPT_INJECTION]: The skill processes untrusted clinical data (e.g., patient cohorts, trial data) which introduces a surface for indirect prompt injection.
  - Ingestion points: The skill reads clinical cohort data and biomarker profiles to generate publication-ready reports.
  - Boundary markers: There are no specific delimiters or "ignore previous instructions" warnings defined for the data ingestion process.
  - Capability inventory: The skill has the ability to execute bash commands, write files to the system, and read input data.
  - Sanitization: Although HIPAA de-identification is mentioned for compliance, the skill lacks explicit sanitization of input data to prevent it from influencing the generated LaTeX code or script parameters.
Audit Metadata