Back to skill

Security audit

Health Report

Security checks across malware telemetry and agentic risk

Overview

This is a simple health-summary skill that handles sensitive user-provided health information, but it does not include code, hidden data access, automatic sharing, or persistence.

Install only if you are comfortable asking an assistant to organize sensitive health details. Before exporting or sharing a generated report, review it for accuracy, remove details that are not needed, and send it only through a trusted channel to an intended recipient such as your clinician.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly offers to export or share a health report containing highly sensitive medical information, but it provides no privacy notice, consent requirement, destination validation, or handling guidance. In a health context, this omission increases the risk of unintended disclosure of protected personal data through insecure sharing, over-broad transmission, or user misunderstanding about where the data will go.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.