biomedical-paper-billing

Security checks across malware telemetry and agentic risk

Overview

This is a biomedical manuscript drafting and DOCX formatting skill with disclosed citation checking, not hidden account access or destructive behavior.

Install only if you are comfortable using external search services for citation checks. Treat generated papers as drafts: verify every PMID/DOI, approve any replaced citation, and review all biomedical claims before submission or publication.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 88% confidence
Finding: The skill instructs the agent to perform PubMed or web searches and make external editorial decisions based on network-fetched content, but this capability is not declared in the manifest. Undeclared network access expands the skill's trust boundary, can leak user-provided manuscript content or references to third parties, and makes behavior harder to audit or permission-gate.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The workflow directs automatic replacement of user-provided citations with newer external literature, creating an undeclared retrieval-and-modification path. In a biomedical writing context, silently substituting references can alter scientific meaning, introduce citation poisoning or unreviewed content, and compromise research integrity without the user's informed approval.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal