Security audit

CogDx Health Check (Free)

Security checks across malware telemetry and agentic risk

Overview

This skill openly sends recent prompts and responses to an external diagnostic API, but it lacks clear consent, redaction, and data-handling safeguards.

Review before installing. Use this only when you intentionally want to share selected agent examples with Cerebratech. Do not submit prompts or responses containing secrets, personal data, customer data, proprietary code, regulated data, or confidential business information. Prefer explicit use of /cogdx-health, manually curated samples, and a separate decision before any paid follow-up diagnostic.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The trigger text is broad enough to activate on ordinary phrases like 'health check' or 'what's wrong with me,' which can cause the skill to run in contexts where neither the user nor the agent intended external diagnostic processing. In this skill, unintended activation is especially risky because activation leads directly into sending recent outputs and identifiers to a third-party API.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The skill instructs the agent to send recent outputs, prompts, responses, confidence scores, correctness labels, and an agent identifier to an external service without any clear warning, consent flow, or data minimization guidance. This creates a substantial privacy and confidentiality risk because recent outputs may contain sensitive user data, internal reasoning artifacts, secrets, or regulated content.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The API requires agents to send 10–20 recent prompts and responses, potentially including sensitive user data, to a third-party endpoint, yet the reference provides no privacy, retention, redaction, consent, or data-handling guidance. In an agent ecosystem, this creates a real risk of exfiltrating confidential user content, secrets, regulated data, or proprietary prompts under the guise of a 'free health check.'

Ssd 3

Severity: Medium
Confidence: 95%
Finding:
The description explicitly says the agent sends 10-20 recent outputs with confidence scores to an outside service, which is a direct data-exfiltration path in plain language. Because 'recent outputs' often reflect user conversations and task data, this can disclose sensitive content even if the skill presents the transfer as routine diagnostics.

Ssd 3

Severity: High
Confidence: 99%
Finding:
The API payload explicitly includes prior prompts and responses for external analysis, making the disclosure channel concrete rather than implied. This is more dangerous than a generic external call because the schema itself instructs the transfer of potentially sensitive conversational data to a third party.

Ssd 4

Severity: Medium
Confidence: 84%
Finding:
The staged narrative ('see finding' → feel urgency → buy deeper audit) is a persuasion funnel that normalizes disclosure and encourages follow-on actions after an emotionally salient result. In a security context, this matters because it can pressure agents or users into sharing more data and continuing external interactions without a neutral risk/benefit assessment.

External Transmission

Severity: Medium
Category: Data Exfiltration
Confidence: 90%
Flagged content (excerpt from the skill's reference material):

# CogDx Health Check API Reference

## Endpoint
`POST https://api.cerebratech.ai/cogdx-health`

## Request Schema

Finding: https://api.cerebratech.ai/

VirusTotal

66/66 vendors flagged this skill as clean.