Bingli Shengchengqi

Security checks across malware telemetry and agentic risk

Overview

This medical-record drafting skill is coherent but needs review because it handles sensitive health information and may invent unprovided clinical details.

Review carefully before installing. Use only with explicit user intent, avoid entering real patient-identifying information unless your environment is approved for it, and treat all generated records as drafts requiring clinician review. Missing clinical facts should be marked unknown or pending, not filled in as normal defaults.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list includes broad everyday phrases such as “写病历”, “生成病历”, “病历助手”, and “入院记录”, plus English variants, which can plausibly appear in normal conversation and cause unintended activation. In a medical skill, accidental triggering is more dangerous because it can initiate collection or generation of sensitive health information without clear user intent.

Missing User Warnings

High
Confidence
95% confidence
Finding
The workflow explicitly collects patient complaint, sex, age, and additional medical details, but the index provides no warning, consent language, retention handling, or privacy safeguards for sensitive health information. Because this is a healthcare-context skill focused on admission records, the omission materially increases privacy and compliance risk if users provide protected medical data without informed notice.

Vague Triggers

Medium
Confidence
89% confidence
Finding
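The trigger phrase “写病历” is too broad and lacks constraints on applicable scenario, user role, or task boundary, so it can easily be triggered by mistake in ordinary conversation. For a skill that generates formal medical documents, this ambiguity can lead the agent to enter the medical-record generation workflow without sufficient context, authorization, or verification, which in turn creates a risk of improper medical records or improper privacy handling.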

Vague Triggers

Medium
Confidence
88% confidence
Finding
The phrase '或类似触发词' makes activation boundaries ambiguous, which can cause the skill to trigger on unrelated user requests and start soliciting medical details without sufficiently clear user intent. In a healthcare context, over-broad activation is more dangerous because it can lead to unnecessary collection of sensitive health information and generation of quasi-clinical documents in the wrong context.

Missing User Warnings

High
Confidence
97% confidence
Finding
This skill is designed to collect and structure highly sensitive medical personal information, including symptoms, sex, age, and related background details, yet it provides no privacy notice, consent flow, retention limits, or handling restrictions. In the medical context, that omission materially increases risk of unauthorized disclosure, overcollection, and user misunderstanding about how their health data will be processed.

Missing User Warnings

High
Confidence
99% confidence
Finding
Instructing the system to fill unspecified medical fields as 'normal' or with clinical defaults can fabricate facts in a medical record, creating inaccurate documentation that may mislead clinicians or downstream systems. Because this is a hospital-style admission record, invented normal findings can directly affect patient safety, treatment decisions, compliance, and legal accountability.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are broad, generic terms for common medical-writing tasks, so this skill can be invoked unintentionally during ordinary user requests. In a medical context, accidental routing is more sensitive because it may cause patient-information handling or structured clinical content generation to occur when the user did not explicitly choose this skill.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill is configured to auto-start whenever a trigger phrase is spoken, but it does not require clear medical-record intent or user confirmation before entering a sensitive workflow. In a healthcare context, broad auto-activation can cause unintended collection of personal health information during ordinary conversation, increasing privacy and consent risk.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes broad phrases like '写病历', '病历助手', and '入院记录', which can overlap with normal discussion, education, or quoting text rather than a request to invoke the skill. Because this skill handles sensitive medical data, accidental activation is more dangerous than in a low-risk domain and may prompt disclosure or generation of protected health information without clear intent.

Missing User Warnings

High
Confidence
97% confidence
Finding
The workflow explicitly collects and generates highly sensitive medical personal information, including symptoms, sex, age, and other demographic details, but provides no privacy notice, consent mechanism, retention statement, or warning about handling sensitive health data. This creates a significant risk of unauthorized disclosure, over-collection, and noncompliant processing of health information.

Missing User Warnings

High
Confidence
97% confidence
Finding
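This example explicitly guides users to submit and generate highly sensitive medical and health information and identifiable personal information, but provides no privacy notice, data-processing explanation, data-minimization principle, or usage boundaries. This increases the risk that users submit sensitive data without being aware of it, and the example also shows highly sensitive fields such as name, medical record number, birthplace, and medical history, which gives the skill greater data-leakage and compliance risk in medical settings.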

VirusTotal

64/64 vendors flagged this skill as clean.
