Back to skill

Security audit

Safety Netting

Security checks across malware telemetry and agentic risk

Overview

This healthcare follow-up skill has a legitimate purpose, but it gives an agent broad authority over sensitive patient communications and records without enough privacy or clinical-control safeguards.

Install only in a governed clinical environment. Require explicit patient consent or another approved legal basis, human review for patient messages and status changes, verified recipient identity, approved clinical communication channels, least-privilege database credentials, and written retention, deletion, audit, encryption, and de-identification rules for stored patient information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

High
Confidence
95% confidence
Finding
This skill handles highly sensitive health data and instructs the agent to store patient identifiers, symptoms, responses, and escalation outcomes in local memory and learning stores, while also transmitting them over multiple channels including email, SMS, WhatsApp, Telegram, and voice. The file does not define any privacy, consent, minimization, retention, access control, encryption, or channel-suitability safeguards, which creates a substantial risk of confidentiality breaches, improper processing of special-category health data, and unsafe use of insecure or misdirected messaging channels.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.