Medical Document Processor

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a medical-document helper with sensitive but purpose-aligned behavior, and the only noted issue is broad activation wording.

Install only if you intend to use it for medical or clinical document processing. Because health records can contain sensitive personal information, avoid pasting unnecessary identifiers and confirm the skill is appropriate before using it on patient-specific content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger phrases are quite broad, including generic terms like 'medical document', 'clinical notes', and common Chinese medical-record terms. This can cause the skill to activate during ordinary medical discussion and route sensitive health-related content into a workflow that processes potentially regulated personal data, increasing the risk of unintended disclosure or overcollection.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal