Security audit

Presentation Hook

Security checks across malware telemetry and agentic risk

Overview

This is a small local writing helper for medical presentation openings and closings, with no evidence of credential access, network use, persistence, or hidden behavior.

Safe to install as a lightweight drafting aid. Use it only for presentation opening or closing text, review generated medical wording for accuracy and appropriateness, and do not treat it as a source for medical facts, citations, or full slide content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill's invocation guidance is vague and self-referential, including broad language like 'for other tasks' and generic process claims rather than a narrowly bounded trigger. In an agent setting, ambiguous routing can cause the skill to be selected for requests outside its intended domain, increasing the chance of inappropriate script execution or misleading outputs under the authority of a medical-writing skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.