Medical Triage

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a straightforward medical triage helper, but its safety boundaries are under-disclosed for a high-stakes medical use case.

Review carefully before installing. Use this only as non-authoritative triage support, not as a replacement for emergency services, clinical assessment, or licensed medical judgment; deployments should add clear emergency escalation language and require qualified human review before acting on classifications.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

High

Confidence: 97% confidence
Finding: This skill performs medical triage on patient messages and assigns urgency categories, but it does not warn users that the output is not medical advice and must not replace emergency services or clinician judgment. In a medical context, omission of this disclaimer can cause dangerous overreliance on automated classification, including delayed emergency care or inappropriate downgrading of serious symptoms.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal