Back to skill

Security audit

Medical Auditor

Security checks across malware telemetry and agentic risk

Overview

This is a simple medical billing audit helper, but its output may contain sensitive hospital or billing information that should be reviewed before sharing.

Install only if you are authorized to audit the hospital billing file. Review any generated table or administrator message for patient identifiers, procedure details, and financial information before sharing, and prefer your organization's approved secure communication channel over WhatsApp.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase 'When asked to perform a medical audit' is broad enough that the skill may activate in contexts beyond the intended hospital revenue-review workflow. Because the skill processes medical and billing data, ambiguous invocation boundaries increase the chance of unintended access, analysis, or disclosure of sensitive information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs the agent to draft a WhatsApp message about billing updates without any safeguard against including protected health information, billing details, or other sensitive operational data. In a medical context, sending or preparing content for consumer messaging platforms can create privacy, compliance, and data-leakage risks, especially if minimum-necessary disclosure and secure-channel requirements are not enforced.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.