Insurance Claims Processor

Security checks across malware telemetry and agentic risk

Overview

This is a text-only insurance claims analysis skill, but users should avoid sharing unnecessary sensitive claim details.

Install only in an agent environment approved for insurance or regulated claim data. Provide the minimum necessary facts, redact identifiers and unnecessary medical or financial details, and have qualified claims, legal, or compliance staff verify coverage, fraud, reserve, settlement, and deadline recommendations before acting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly encourages users to submit raw insurance claim materials, including names, statements, incident reports, and photos, which commonly contain sensitive personal, financial, medical, and legal information. Without any privacy warning, data-minimization guidance, or handling restrictions, users may overshare regulated or confidential data into an agent workflow that is not clearly scoped for secure processing, retention, or redaction.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal