Back to skill

Security audit

Inr Sender

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it sends identifiable medical information by email through an undeclared local Gmail tool and should be reviewed before use.

Use this only if you are the intended person or are authorized to send this INR report, and only if you trust the local gog Gmail tool and configured Gmail account. Before running it, manually verify the INR value, recipient mode, subject, and message body because the email includes medical information plus full identifying details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is designed to transmit highly sensitive health data together with directly identifying information, including a full name, birth date, and INR result, over email, but it provides no privacy warning, consent language, or indication of security controls. In this context, omission of privacy safeguards is dangerous because users may unknowingly disclose protected medical information to third parties or to the wrong recipient, especially since the skill supports sending to a test address unrelated to care delivery.

Natural-Language Policy Violations

Low
Confidence
86% confidence
Finding
The skill is hard-coded for a specific named individual and embeds personal identity details directly in the message template, which increases the likelihood of unauthorized disclosure, misuse, or accidental invocation for the wrong person. In a medical context, this personalization is more dangerous than generic customization because it ties a health workflow to a fixed real-world identity without clear access controls, consent checks, or user selection.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script transmits sensitive health information (an INR result plus the patient's full name and date of birth) by email immediately, without any in-script confirmation, review step, or visible safeguard against accidental sending to the wrong recipient. In this skill context, the data is clearly medical and personally identifying, so unintended transmission would create a meaningful privacy and compliance risk even if the code appears intended for legitimate care coordination.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.