NDIS Progress Note Claiming

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a normal NDIS documentation assistant, with a minor risk that broad trigger phrases could activate it in unrelated writing requests.

Install only if you want help with NDIS-related progress notes, claiming language, or audit documentation. Treat its outputs as drafting support, not legal, payroll, billing, or compliance advice, and verify NDIS-specific recommendations against current provider obligations before use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list contains very generic phrases such as 'write a note', 'help me write', and 'what to write', which can appear in many unrelated conversations. This can cause the skill to activate outside its intended NDIS compliance context, leading the agent to provide specialized claiming or documentation guidance when the user did not request it.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger guidance includes broad phrases like 'what to write' and 'what to include in notes' without strong domain scoping, which increases the chance of unintended invocation on ordinary writing-assistance requests. In this skill, accidental activation is risky because it may steer responses toward regulated NDIS compliance and billing advice that is irrelevant or misleading in a non-NDIS context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal