Back to skill

Security audit

Medical Dental Appointment Pilot

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it asks an agent to handle medical appointment data and booking workflows without enough privacy, storage, or human-control boundaries.

Install only as a draft scheduling prompt or staff-assisted intake aid. Do not connect it directly to live clinic schedules, patient records, insurance systems, Google Sheets, or APIs until a clinic defines secure collection, storage, retention, credential scoping, and human confirmation for bookings and urgent-care handoffs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to collect a patient's name, insurance provider, and preferred practitioner without first presenting a clear privacy notice, consent boundary, or data-minimization guidance. In a medical context, even seemingly limited scheduling data can be regulated or sensitive, and the absence of explicit handling constraints increases the risk of unnecessary PHI/PII collection, insecure logging, and downstream disclosure through connected sheets or APIs.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The emergency rule relies on a short, context-free keyword list ("chest pain", "bleeding", "unconscious"), which can both miss urgent variants and fire on ambiguous mentions without clinical context. In a medical scheduling agent, weak emergency triage logic is dangerous because it may fail to escalate a real emergency or provide an inappropriate generic response, creating patient safety and liability risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.