Back to skill

Security audit

Personal Genomics

Security checks across malware telemetry and agentic risk

Overview

The skill appears to run locally rather than steal data, but it handles extremely sensitive DNA and health information with material privacy and medical-interpretation risks that need review.

Install only if you are comfortable with local tools processing raw DNA data and writing long-lived health and ancestry reports to disk. Keep generated JSON, HTML, PDF, and clinical exports out of synced folders and shared machines, delete them when done, and treat all cancer, medication, APOE, PRS, and other health outputs as informational until confirmed by qualified medical or genetic professionals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (74)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The docstring promises genome-to-AADR comparison and says analysis runs locally with no network requests, but the implementation only loads AADR annotation metadata and uses hardcoded haplogroup association tables. This is a security-relevant integrity issue because users may make privacy and decision-making choices based on materially false claims about what data is analyzed and what conclusions are supported.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The report text advertises capabilities such as finding ancient individuals who share haplogroups, identifying closest ancient population matches, and tracing geographic origins, but none of that analysis exists in the code. In a genetic-analysis context, overstated capabilities are dangerous because they can mislead users into overtrusting outputs about ancestry and sensitive biological data.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The file-level privacy claim states that analysis runs locally with no network requests, which is true but incomplete: the script also creates a persistent reports directory in the user's home folder and writes sensitive DNA analysis outputs there. For genetic data, undisclosed local persistence is a real privacy risk because other local users, backups, sync tools, or later compromise of the machine can expose highly sensitive ancestry information.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The module is framed as a data quality utility, but it also derives a sensitive trait: biological sex from chromosome coverage. Inferring sensitive health/genetic attributes without clear disclosure or explicit opt-in creates a privacy and consent risk, especially if downstream consumers treat the output as routine quality metadata and surface or store it unexpectedly.

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
The docstring gives a privacy assurance that all analysis runs locally with no network requests, but it omits that highly sensitive genetic results are automatically persisted under the user's home directory. That is a meaningful privacy and transparency issue because users may reasonably infer their data is only processed transiently in memory, while the script actually leaves long-lived files containing health and trait inferences on disk.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The module-level claims say all markers are validated and appropriate for consumer genomics, but the public API also exports research-variant flagging and emerging-findings functionality. That mismatch can mislead downstream developers or users into overtrusting unvalidated or preliminary genetic interpretations, creating safety and compliance risk in a health-sensitive context.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The module docstring understates the file's capabilities by listing only ROH and telomere analysis while the code also derives longevity and APOE-related results. In a genetics context, inaccurate scope disclosure is dangerous because it can bypass informed consent and lead downstream callers or users to invoke sensitive analyses they did not expect.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
This code derives APOE genotype and longevity associations from raw genotypes, which is a sensitive health-adjacent inference with implications beyond simple trait reporting. Because the file's stated scope does not clearly authorize this capability, it creates a meaningful risk of undisclosed processing of sensitive genetic information and accidental disclosure of disease-relevant insights.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
This code uses genetic inputs to infer recovery speed, inflammation tendencies, injury susceptibility, and brain-health-related exercise guidance, which crosses from simple athletic categorization into health-related profiling. That is dangerous because users may treat these outputs as medical or quasi-medical advice despite the weak/variable evidence base and absence of clinical safeguards, consent handling, or validation requirements.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The module is documented as HLA-focused, but it silently includes non-HLA variants such as PTPN22, CTLA4, STAT4, NOD2, and others in the same analysis path. In a medical/genetic interpretation skill, this mismatch can mislead downstream agents or users about what was tested, what confidence to assign, and the clinical meaning of the output, increasing risk of incorrect health guidance or overclaiming HLA-based conclusions.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The function labels variants as pathogenic based solely on the presence of any genotype entry, while the code comment explicitly admits it does not know ref/alt and sets `is_carrier = True` unconditionally. In a hereditary cancer context, this can generate false positive BRCA/Lynch/TP53-style findings, potentially triggering severe medical, psychological, and family-level consequences from incorrect results.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The function documentation says Y-DNA analysis is only applicable for males, but the implementation goes further and infers sex from absence or presence of Y markers, returning labels like 'male' and 'likely_female'. Inferring sex from genotype data is a sensitive-attribute inference that may surprise users, create privacy/compliance issues, and can be inaccurate when coverage is sparse or data is incomplete.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
This is a real safety vulnerability. The CYP2D6 ultrarapid-metabolizer branch is incorrectly nested under the poor_metabolizer block, but the checker only iterates top-level status entries, so critical interactions such as codeine overdose risk for ultrarapid metabolizers will never be detected. In a medication-safety skill, silently missing a life-threatening pharmacogenomic contraindication can lead to dangerously false reassurance.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The finding is valid: the function presents polygenic risk scoring output with percentile estimates, risk categories, and clinical-sounding recommendations, but the implementation explicitly relies on a crude heuristic rather than validated population-specific PRS calibration. In a genetics/health context, this can mislead downstream systems or users into acting on inaccurate medical risk estimates, especially because the output language suggests meaningful individualized screening or prevention guidance.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The docstring materially overstates what the tool does by claiming X-chromosome analysis and autosomal phasing heuristics that are not implemented. In a genetics/privacy-sensitive context, this can mislead users into trusting inferred parent-of-origin results as more rigorous, comprehensive, or scientifically grounded than they are, which is a real security/safety issue because it can drive sensitive personal decisions based on inaccurate analysis.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README highlights agent-friendly JSON output and saved reports for extremely sensitive genetic data, but the nearby documentation does not clearly warn users that these artifacts persist on disk and may be accessible to other local users, backup systems, sync tools, or downstream agents. In the context of genomic data, exposing reports, ancestry, cancer risk, and pharmacogenomic findings can create significant privacy and discrimination risks even without any network exfiltration.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill describes writing highly sensitive genomic reports to a predictable local directory and generating multiple exportable artifacts, but it does not place a clear warning at the storage/export point about the sensitivity of genetic and health data. Even if processing is local, these files may persist unencrypted, be indexed, backed up, shared, or accessed by other local users and tools, creating meaningful privacy exposure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises a genetic-counselor/clinical export without a prominent warning that exported files may contain sensitive genetic, hereditary cancer, ancestry, and pharmacogenomic information. Users or downstream agents could share these artifacts too broadly, causing privacy harm, discrimination risk, or accidental disclosure of medically sensitive information.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script processes raw genetic data and persists a derived report containing highly sensitive health, ancestry, and trait inferences to a predictable local file without any consent prompt, retention control, or access protection. In a skill context, this materially increases privacy risk because downstream users or processes may not realize that long-lived, re-identifiable genomic insights are being written to disk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script processes highly sensitive genetic and health-related data, then automatically writes multiple detailed reports to a fixed directory in the user's home folder without explicit consent or a prominent warning before persistence. This creates privacy risk through unintended retention, local compromise, backups/sync tools, shared accounts, or later discovery by other software or users.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script writes genetic analysis results, including haplogroup information, to a persistent directory under the user's home folder without prompting, warning, or offering an opt-in. In the context of DNA analysis, this is sensitive personal data, so silent disk persistence increases the risk of unintended disclosure through shared accounts, backups, or other local access.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script writes JSON and Markdown DNA analysis reports to disk automatically, without warning the user that sensitive genetic inferences will be persisted. This is dangerous because DNA-derived ancestry and haplogroup information is highly sensitive personal data, and silent storage increases the chance of unintended disclosure through shared accounts, endpoint monitoring, backups, or cloud-synced home directories.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script processes highly sensitive genetic and health-inference data and writes full results, summaries, and reports to persistent local files in a predictable directory under the user's home folder. On shared systems, backed-up endpoints, or misconfigured environments, this can expose medical, ancestry, carrier-status, and pharmacogenomic information long after the analysis completes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The dashboard generator embeds the full analysis JSON directly into an HTML file and can automatically open it in a browser, increasing exposure of extremely sensitive genetic data. Browser-readable artifacts may be retained in history, cache, session restore, indexing, screenshots, sync features, crash reports, or accessed by local browser extensions, making disclosure more likely than plain local storage alone.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The dashboard handles highly sensitive personal genomics data and offers one-click printing/export without an explicit warning or confirmation about the sensitivity of the output. Users may inadvertently create persistent PDF or paper copies containing health risk, ancestry, and carrier-status information, increasing the chance of privacy exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.