Gene2ai

Security checks across malware telemetry and agentic risk

Overview

Gene2AI appears to be a coherent health-data integration, but it needs Review because it encourages persistent agent memory and undisclosed proactive messages involving sensitive medical and genetic information.

Install only if you trust Gene2AI with medical and genetic information. Before enabling it, avoid cross-session memory for health profile details unless you explicitly want that, enable daily briefings only deliberately, watch for proactive nudges or reminders, and remember that messaging previews can expose sensitive health inferences. Revoke or rotate the API key if you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill explicitly instructs the agent to create recurring scheduled health briefings and separate proactive nudges that message the user later, outside the immediate conversational request. Because the content is health-related and derived from sensitive genomic and clinical data, this creates a real privacy and autonomy risk even if some consent is mentioned elsewhere; the user may not understand that future unsolicited disclosures will be pushed through external messaging channels.

Intent-Code Divergence

High
Confidence: 91%
Finding
The document says not to give medical advice, but its later examples tell the agent to recommend concrete medication choices and dosing alternatives based on pharmacogenomic interpretation. That contradiction is dangerous because an agent may present individualized medication guidance as actionable advice, potentially influencing drug selection or dosing without clinician oversight.

Vague Triggers

High
Confidence: 93%
Finding
The activation criteria are extremely broad, covering ordinary discussions about diet, sleep, stress, travel, exercise, medication, appointments, and family planning. In a skill handling highly sensitive health and genetic data, this broad trigger surface increases the chance the agent will invoke the skill and access or reference protected data in conversations where the user did not reasonably expect it.

Missing User Warnings

High
Confidence: 96%
Finding
The skill encourages caching and reusing a health profile across conversations while characterizing it as safe for memory, despite containing highly sensitive medical conclusions, pharmacogenomic interpretations, and inferred disease risks. Presenting this as safe without a strong user warning or explicit retention consent materially increases the risk of long-term exposure, unintended reuse, and privacy violations.

Missing User Warnings

Medium
Confidence: 90%
Finding
The daily briefing workflow sends health-related content through messaging channels and only later discusses keeping it at a conclusion level. Without a clear upfront warning before setup that others may see these notifications, the user may unknowingly expose sensitive health inferences via lock screens, chat previews, or shared devices.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill authorizes proactive one-shot health nudges triggered by internal interpretation of user data and conversation history, but does not require a dedicated warning that sensitive health inferences may be sent later. This creates a genuine privacy risk because unsolicited follow-up messages can reveal medical concerns, medication issues, or clinical follow-up needs at unexpected times and in visible channels.

Ssd 3

High
Confidence: 98%
Finding
This line explicitly states that the health profile is designed to be cached and reused across conversations. Persistent retention of genomic and clinical conclusions in agent memory is highly sensitive and increases the blast radius of compromise, accidental resurfacing in unrelated contexts, and unauthorized long-term profiling.

Ssd 3

High
Confidence: 98%
Finding
The skill repeatedly instructs the agent to cache, memorize, and reference the health profile across sessions as standard practice. Repetition matters here because it normalizes persistent storage of sensitive medical and genetic inferences, making misuse more likely and encouraging designs that exceed what is necessary for the immediate task.

Ssd 3

High
Confidence: 95%
Finding
These instructions tell the agent to include user-specific health profile data when composing proactive scheduled messages. Even if phrased gently, embedding individualized health information in outbound messages creates a substantial confidentiality risk because message previews, shared accounts, or compromised channels can reveal sensitive conditions or genetic implications.

VirusTotal

66/66 vendors flagged this skill as clean.
