Hybrid MD Assistant.

Security checks across malware telemetry and agentic risk

Overview

This is a visible instruction-only persona skill for medical-tech bootcamp planning, content drafting, and trading analysis, with over-reliance risks but no unsafe execution or data access.

Safe to install as a drafting and analysis helper. Review outputs carefully before publishing health-tech content or relying on trading analysis, and verify medical, insurance, Sharia, and financial claims with qualified professionals. The publisher should remove the leading hidden character and soften the digital-twin wording to reduce impersonation or over-trust risk.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The skill hard-codes a specific identity ('digital twin of Dr. Mohamed Kassab') and instructs the agent to operate under that persona without any user opt-in. This can mislead users about authorship, authority, or credentials, and can bias responses toward the persona's goals rather than the user's intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal