Back to skill

Security audit

医疗报告解读助手

Security checks across malware telemetry and agentic risk

Overview

This is a simple medical report explainer with clear disclaimers and no executable code, though users should be careful sharing health details.

Before using this skill, remove names, ID numbers, addresses, hospital numbers, and other identifiers from reports. Treat its output as general explanation only, not medical diagnosis or treatment advice. The external commercial link is optional marketing content and is not needed to use the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Low
Confidence
89% confidence
Finding
The skill includes an unrelated promotional referral to an external commercial site at the end of a medical-report interpretation tool. In a medical context, unnecessary outbound promotion can erode trust, create undisclosed commercial influence, and redirect users seeking health guidance toward nonessential third-party content.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.