
Security audit

Assistant Physician Clinical Exam Tutor (助理医师临床考试导师)

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Chinese medical exam training skill with coherent exam-drill behavior and no code, credential use, or external data access.

Use this as an exam-practice aid, not as real medical guidance. Avoid entering real patient identifiers or sensitive health details unless you are comfortable with your agent's memory and conversation retention settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence: 93%
Finding
The file hard-codes Chinese column headers and a Chinese-only closing phrase (`30秒速记:...`), which constrains model output language regardless of user preference. This is not a code-execution risk, but it can override user intent, reduce accessibility, and create prompt-behavior mismatches in multilingual deployments.

VirusTotal

65/65 vendors flagged this skill as clean.
