Back to skill

Security audit

Non Tumor Ml Research Planner

Security checks across malware telemetry and agentic risk

Overview

This is a text-only biomedical research-planning skill with no code, credential access, persistence, or hidden data handling.

Install only if you want a biomedical research-planning helper for non-cancer bioinformatics and ML studies. Treat its outputs as planning guidance, verify dataset availability and statistical methods independently, and do not use it as clinical or medical decision support.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
97% confidence
Finding
This markdown file explicitly says to trigger the skill even for casual phrasings like "I want to study X using machine learning" and includes broad phrases such as "key genes and diagnostic model for a disease." These descriptions overlap with common research-planning requests and do not clearly bound when this skill should not activate beyond the oncology exclusion, increasing the risk of accidental invocation for unrelated ML or biomedical planning tasks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.