unisound-med-teach

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward clinical teaching case generator, but because it sends prompts to a remote model API, users should only provide de-identified case text.

Install only if you are comfortable using the listed medical model API for this workflow. Use de-identified teaching cases, protect the app key, verify any custom --api-url before use, and store output files securely because they may include clinical text and local file paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 87%
Finding
Allowing callers to override the API URL, model, and especially the system prompt materially changes the trust boundary of the skill. In this skill's context, those options can redirect sensitive medical question content to an unintended endpoint or weaken the built-in safety instructions, increasing the risk of data leakage and policy bypass.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script sends user-supplied question content, which may include medically sensitive case text, to a remote API without any explicit consent flow, sensitivity warning, or redaction step. In a medical teaching context this is more concerning because prompts may contain patient-like clinical details, creating confidentiality and compliance risks if operators assume processing is local or internal-only.

VirusTotal

VirusTotal findings are pending for this skill version.
