Pharmaceuticals Exploration Zhcn

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed PatSnap pharmaceutical research skill that uses an API key and external research sources in ways that fit its stated purpose.

Install only if you are comfortable connecting your agent to PatSnap and exposing pharmaceutical research queries to PatSnap, and sometimes to web search providers when database results are insufficient or current information is requested. Use a dedicated or revocable API key, verify the PatSnap endpoint, and avoid submitting confidential research questions unless the provider's data handling is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 91% confidence
Finding: Allowing discretionary network search beyond the manifest's declared data sources expands the skill's trust boundary and can pull in unvetted external content. In an agent setting, this increases the risk of prompt injection, data contamination, and unintended transmission of sensitive user queries to third-party search providers.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal