Security audit

Global Health Public Health Data

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed public-health data lookup skill that uses an AgentPMT remote tool and does not include local executable code or hidden persistence.

Install this if you want AgentPMT-backed global health data lookups. Be aware that queries are remote, may cost 10 credits each, and should be used only for public-health or World Bank-style data requests rather than generic country questions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill advertises broad activation keywords such as generic phrases around querying health data, country, or region, which can cause over-selection in unrelated contexts and trigger external tool calls when a simpler or local answer would suffice. In an agent ecosystem, this increases the chance of unnecessary remote data transmission, paid invocations, and unintended workflow routing.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal