Back to skill

Security audit

Variant Annotation

Security checks across malware telemetry and agentic risk

Overview

This genomics skill appears purpose-aligned, but it handles sensitive variant information and sends it to external NCBI services without clear user-facing consent or scoping.

Install only if you are comfortable with variant identifiers or related genomic inputs being sent to NCBI for lookup. Do not use its ACMG or pathogenicity output as medical advice; have any clinically meaningful result reviewed by a qualified genetics professional, and avoid providing full VCF or identifiable genomic data unless the skill adds clear consent and minimization controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill declares substantial capabilities in its documentation and examples—reading files, writing output, and making network/API requests—but does not declare corresponding permissions. This mismatch weakens governance and review controls because the runtime may perform broader actions than policy metadata signals, increasing the chance of unreviewed data access or exfiltration through external APIs.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger conditions are broad enough to activate on ordinary biomedical questions, including generic mentions of ClinVar, dbSNP, pathogenicity, or clinical significance. Over-broad invocation can route unrelated user content into a networked, file-capable skill, expanding the attack surface for prompt injection, unintended data handling, and misleading automated interpretation in a medically sensitive domain.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill sends user-supplied variant identifiers directly to external NCBI services, which can expose potentially sensitive genomic information without any explicit notice or consent flow. In a genomics context, even variant strings, HGVS notations, coordinates, or VCF-derived inputs may constitute sensitive health-related data, so silent transmission creates a real privacy and compliance risk.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- **PM3** (2.0): AR disorder, detected in trans with pathogenic
- **PM4** (2.0): Protein length changing
- **PM5** (2.0): Novel missense at same position as known pathogenic
- **PM6** (2.0): Assumed de novo without confirmation
- **PP1** (1.0): Cosegregation with disease
- **PP2** (1.0): Missense in gene with low benign rate
- **PP3** (1.0): Multiple computational evidence support
Confidence
84% confidence
Finding
without confirmation

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.