Clinical Case Writer

Security checks across malware telemetry and agentic risk

Overview

This clinical-writing skill is coherent, but it handles sensitive patient information with weak privacy scoping and examples that can expose patient identifiers.

Install only if you will use de-identified, authorized patient materials. Do not put real patient names, record numbers, dates, or other identifiers in prompts, filenames, generated documents, or external search terms; review any CNKI/PubMed queries before sending them and store or delete generated files according to your privacy requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding
The README example exposes a patient's real name in both the sample input and generated filename while the same document states that real names must not appear in filenames or document bodies. In a clinical-writing skill, examples strongly shape user behavior and implementation choices, so this inconsistency can normalize PHI disclosure and lead to privacy breaches in generated artifacts, logs, and shared files.

Vague Triggers

Severity: Medium
Confidence: 85%
Finding
The trigger phrase “撰写临床案例” (“write a clinical case”) is very generic and can match ordinary user requests that are not intended to invoke this specific skill. In an environment handling sensitive medical records and external literature retrieval, broad activation increases the chance of accidental invocation, unintended processing of PHI, and unanticipated outbound queries.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
The feature list advertises automatic extraction of medical record data and retrieval from external sources without a clear warning about sensitive patient data handling, de-identification, consent, or potential disclosure to third-party services. Because this skill operates on clinical information, omission of these warnings materially increases the risk of users supplying protected health information without understanding privacy or compliance implications.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The invocation examples are broad enough that the skill may trigger on generic requests like “撰写临床案例” (“write a clinical case”) without clear confirmation of data source, authorization, or boundaries. In a medical-writing skill that processes patient records and may perform external literature queries, overly broad activation increases the chance of unintended handling of sensitive health information.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The workflow explicitly reads patient records in multiple formats and performs external literature retrieval, but it does not warn about privacy, PHI minimization, de-identification before processing, or risks of sending sensitive content to external services. In the clinical context, this omission is significant because users may provide identifiable medical records and the skill may expose or propagate protected health information beyond the local environment.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The examples explicitly describe generating Markdown and Word files from patient case data and storing them under predictable output paths, but provide no guidance on minimizing, anonymizing, or protecting medical information. In a clinical-document-writing skill, this omission can lead users to persist sensitive health data to disk in cleartext or shared locations, increasing the risk of privacy violations and unauthorized disclosure.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The full example includes directly identifiable medical information, including a patient's name, sex, age, symptoms, and diagnoses, without any indication that the data is fictional or de-identified. In a healthcare context, this normalizes unsafe handling of protected health information and could cause users to input or publish real patient records without consent, creating serious privacy, compliance, and confidentiality risks.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The usage examples are very broad generic phrases such as '撰写临床案例' ("write a clinical case") and '检查临床案例参考文献是否符合规范' ("check whether the clinical case references follow the standard"), which can easily overlap with normal user requests and cause the skill to activate without clear user intent. Because this skill can process local files and generate structured documents, unintended invocation could lead to inappropriate handling of sensitive medical content or unexpected automated actions.

Natural-Language Policy Violations

Severity: Medium
Confidence: 82%
Finding
The manifest description and usage examples indicate Chinese-only operation without stating that language should follow user preference. This can cause the agent to override the user's chosen language or unexpectedly transform content into Chinese, which is especially problematic in clinical writing where accuracy, consent, and locale-specific formatting matter.

VirusTotal

67/67 vendors flagged this skill as clean.