Back to skill

Security audit

Nexus Clinical Case Gen

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only medical education skill with no executable code or data access, though its workflow is generic and users should verify medical content independently.

Install only as an educational drafting aid. Verify citations, differential diagnoses, clinical facts, confidence scores, and OSCE rubrics against trusted medical sources, and avoid entering real patient identifiers or sensitive learner records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The documented workflow describes a generic audit/triage pipeline with severity-rated findings, improvement proposals, and cross-validation rather than behavior specific to a medical case generator. This kind of purpose drift is dangerous because it can cause the agent to perform unintended analysis tasks, mishandle user prompts, or emit authoritative-seeming medical content using an ill-suited evaluation framework.

Intent-Code Divergence

Medium
Confidence
86% confidence
Finding
The guidelines impose generic security/audit-style severity classes and impact-effort scoring that do not align with clinical education outputs. In a medical education context, this mismatch increases the risk of unsafe or misleading behavior because the model may structure responses as risk findings instead of pedagogically appropriate, medically contextualized cases and evaluations.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.