Back to skill

Security audit

Medical Record Generator

Security checks across malware telemetry and agentic risk

Overview

This looks like a real medical-record drafting helper, but it handles sensitive health data and can save generated records locally without enough user-facing privacy controls.

Review before installing. Use only synthetic or properly authorized patient data, avoid unnecessary identifiers, do not treat default-filled normal findings as verified clinical facts, and save outputs only in approved secure locations with a clear deletion and retention plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (11)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The skill description promises a constrained three-step medical-record workflow, but the finding indicates additional behavior such as writing generated records to the local filesystem and auto-filling medical content with defaults. In a medical context, undocumented data persistence and silent fabrication of clinical details can expose sensitive health information and create unsafe or misleading records, especially when users are not explicitly informed or asked to confirm these actions.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill can persist generated medical records to local disk even though its stated purpose is drafting records, and the saved content contains highly sensitive patient information. In a medical context, undisclosed local storage materially increases privacy and compliance risk because records may be written to insecure locations, retained unintentionally, or accessed by other users/processes on the host.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
Local filesystem write capability is risky here because the skill handles medical-record content, which is sensitive by nature, and writing to the current working directory may place that data in an uncontrolled or shared location. The capability is broader than necessary for mere drafting assistance and can lead to confidentiality breaches or accidental data sprawl.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation phrases are very broad and include common terms such as 'medical record' and '入院记录', which could plausibly appear in ordinary user conversation. In a skill that handles sensitive health content, unintended invocation increases the chance of collecting or generating medical information without clear user intent, creating privacy and safety risks.

Missing User Warnings

High
Confidence
97% confidence
Finding
The README promotes generation of medical records and shows structured patient fields, but it does not warn about handling protected health information, consent, storage, logging, or transmission safeguards. Because this skill is specifically designed for medical documentation, omission of privacy guidance materially increases the risk of exposing highly sensitive personal and health data.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The activation phrases include broad terms like '入院记录' and 'medical record', which can trigger the skill in contexts where the user did not intend to invoke a medical-record generation workflow. Because this skill handles highly sensitive health information, overbroad triggering increases the chance of collecting or processing medical data unexpectedly and routing user input into a template-driven record generator without clear consent.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill is designed to collect and generate medical-record content but does not warn users that they may be sharing sensitive personal health information. In this context, the absence of a privacy warning and data-handling notice is dangerous because users may disclose protected information without understanding retention, storage, or access implications, especially if the implementation also saves records locally.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger list contains very generic phrases such as "入院记录" and "medical record" that can match ordinary user requests without making clear that a specialized medical-record-writing skill is being invoked. In a medical context, overly broad routing increases the chance of unintended activation, which can lead to sensitive health-related content being solicited or generated when the user did not explicitly opt into this workflow.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The example explicitly saves generated medical records to disk, which can expose highly sensitive health information if the file is written to an insecure location, retained longer than necessary, or accessed by unauthorized users. In a medical-record generation skill, demonstrating persistence without any warning about PHI/PII handling, storage location, encryption, access control, or deletion materially increases the risk of privacy and compliance failures.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Saving generated medical records without a user-facing warning or consent flow is dangerous because users may not realize protected health information is being stored on disk. In the healthcare context, silent persistence can violate privacy expectations and regulatory obligations, especially on unmanaged endpoints or multi-user systems.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The test script generates and persists a medical record to disk, and the content clearly contains health-related personal data fields and a diagnosis. Writing this data to a local file without minimization, anonymization, consent handling, retention controls, or even a warning increases the risk of unintended disclosure through developer machines, logs, backups, or shared workspaces.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.