Security audit

Two Sample Mr Research Planner

Security checks across malware telemetry and agentic risk

Overview

This is a text-only biomedical research planning skill with no automatic execution, credentials, persistence, or hidden system access; the main caveat is a documented ancestry-selection default users should review for their study context.

Before installing, treat this as research-planning assistance rather than medical advice. Check that any suggested ancestry matching, GWAS source, and example R code fit your actual study population and data access. The reviewed artifacts do not show hidden execution, credential handling, data exfiltration, persistence, or privileged access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: This markdown file includes natural-language guidance to 'Default to European ancestry (EUR)' for primary analysis. Under the stated policy, forcing a specific language/locale or analogous population preference without explicit user opt-in can be a policy concern unless the constraint is clearly documented and justified; here a brief methodological rationale is given, but it still sets a default preference rather than presenting a user choice.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal