Security audit

Medication Safety Advisor

Security checks across malware telemetry and agentic risk

Overview

This instruction-only medication skill is not malware, but it gives concrete medication-change guidance that needs careful clinical review before use.

Install only if a licensed clinician or pharmacist will review outputs before any prescribing, dispensing, substitution, dose-change, or medication-hold decision. Do not enter patient identifiers or PHI, and treat formulary, dosing, and interaction recommendations as prompts for professional verification rather than instructions to follow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Severity: High, confidence 98%
Finding
The skill states it is only for safety checks and not for prescribing decisions, yet multiple examples provide concrete clinical actions such as holding a statin, switching antibiotics, reducing warfarin dose by 30–50%, and adjusting digoxin management. In a healthcare context, this contradiction can cause users to rely on the tool for treatment decisions without adequate clinician validation, increasing the risk of patient harm.

Description-Behavior Mismatch

Severity: High, confidence 97%
Finding
The documented feature set includes suggesting therapeutic alternatives when a drug is not covered, which goes beyond a passive safety-information role into clinical decision support and treatment recommendation. In a medication-related skill, recommending alternatives without patient-specific review can lead to inappropriate substitutions, contraindications, or coverage-driven care decisions that compromise safety.

Intent-Code Divergence

Severity: Medium, confidence 87%
Finding
The skill says that without a formulary API key it will not provide estimated or cached tier data, but the example output includes estimated copays, prior authorization, and step therapy details as though authoritative data were available. This mismatch can mislead users into trusting fabricated or unavailable benefit information, potentially affecting medication access decisions and delaying appropriate treatment.
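All three findings above are the same failure shape: the prose of a skill declares a scope limit ("safety checks only", "no estimated tier data without an API key") while its example sections contradict it. The script below is an added example, not part of SkillSpector or of the audited skill. It shows one way to automate that check for a SKILL.md-style document: split the document into sections, collect declared-scope claims from the non-example prose, and scan the example sections for evidence that contradicts each claim (imperative dosing directives, benefit-tier figures). The skill text embedded in it is a constructed sample built around the contradictions the findings describe, and the claim and evidence patterns are illustrative heuristics, not a validated clinical lexicon.

```python
"""Heuristic check for divergence between a skill's declared scope and its examples.

Added example (not SkillSpector's code, not the audited skill's content).
SAMPLE_SKILL is constructed for this demonstration.
"""
import re
from dataclasses import dataclass

# Constructed sample: a shortened SKILL.md-like document that exhibits the
# audit's contradictions (safety-check-only claim vs. dosing directives, and
# "no estimates without an API key" vs. copay/tier figures in example output).
SAMPLE_SKILL = """\
# Medication Safety Advisor

## Scope
This skill is for safety checks only and is not for prescribing decisions.
Without a formulary API key it will not provide estimated or cached tier data.

## Example: interaction check
Hold the statin while the patient is on clarithromycin.
Reduce warfarin dose by 30-50% and recheck INR in 3 days.

## Example output
Tier 3, estimated copay $45, prior authorization required, step therapy: yes.
"""

# Declared-scope claims to look for in the prose (illustrative patterns).
CLAIM_PATTERNS = {
    "no_prescribing": re.compile(r"not for prescribing", re.I),
    "no_tier_estimates": re.compile(r"not provide (estimated|cached) .*tier", re.I),
}
# Evidence in example sections that contradicts each claim (illustrative patterns).
EVIDENCE_PATTERNS = {
    "no_prescribing": re.compile(
        r"\b(hold|stop|switch|start|reduce|increase|taper)\b[^.\n]*?"
        r"(dose|statin|warfarin|antibiotic|digoxin|mg|%)", re.I),
    "no_tier_estimates": re.compile(
        r"(estimated copay|\$\d+|prior authorization|step therapy|tier \d)", re.I),
}


@dataclass
class Divergence:
    claim: str      # key from CLAIM_PATTERNS that the evidence contradicts
    section: str    # heading of the example section containing the evidence
    evidence: str   # the offending line


def split_sections(text: str) -> dict[str, str]:
    """Return {heading: body} for a markdown document; text before the first
    heading is stored under the empty heading ''."""
    sections, current, buf = {}, "", []
    for line in text.splitlines():
        m = re.match(r"^#+\s*(.+?)\s*$", line)
        if m:
            sections[current] = "\n".join(buf)
            current, buf = m.group(1), []
        else:
            buf.append(line)
    sections[current] = "\n".join(buf)
    return sections


def is_example_section(heading: str) -> bool:
    """Treat headings mentioning examples, outputs or samples as example sections."""
    return bool(re.search(r"example|output|sample", heading, re.I))


def find_divergence(text: str) -> list[Divergence]:
    """Collect claims from the prose, then flag example lines that contradict them."""
    sections = split_sections(text)
    prose = "\n".join(body for h, body in sections.items() if not is_example_section(h))
    claims = [c for c, pat in CLAIM_PATTERNS.items() if pat.search(prose)]
    findings = []
    for heading, body in sections.items():
        if not is_example_section(heading):
            continue
        for claim in claims:
            for line in body.splitlines():
                if EVIDENCE_PATTERNS[claim].search(line):
                    findings.append(Divergence(claim, heading, line.strip()))
    return findings


if __name__ == "__main__":
    for d in find_divergence(SAMPLE_SKILL):
        print(f"[{d.claim}] in '{d.section}': {d.evidence}")
```

Run against the sample, it reports the two dosing directives under the interaction-check example and the copay/tier line under the example output, which is exactly the Intent-Code Divergence pattern the findings describe. A document whose examples stay within the declared scope produces no report, so the check is suitable as a pre-install gate for instruction-only skills: it inspects the published text, not any code, and needs no network access.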

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.