Diagnostics-PMPH-10edition

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed medical education skill collection with no malware-like install behavior, but it contains detailed clinical procedure, medication, and emergency-management guidance that needs human review before use.

Review this skill before enabling it broadly. It is best treated as a clinician-supervised education/reference collection, not a patient self-care tool or autonomous clinical decision system. Pay particular attention to subskills covering invasive procedures, sedatives/anesthesia, anticoagulation, emergency ECG or kidney-failure handling, and tuberculosis interpretation; require qualified clinician oversight, current local guidelines, and clear escalation rules before use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (27)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill is scoped as a bowel preparation workflow, but it also includes sedation/anesthesia instructions, which materially expand it into procedural medication management. That creates unsafe scope creep because users may rely on the skill for higher-risk clinical actions without the manifest, safeguards, or role restrictions clearly reflecting that capability.

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: Sedation and anesthesia are high-risk clinical interventions that are not justified by a skill whose stated purpose is colonoscopy bowel preparation. Including them without a clearly defined qualified-operator context, pre-assessment requirements, and emergency monitoring guidance increases the chance of inappropriate use or overreliance on incomplete instructions.

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: The skill states that in unvaccinated children, any positive PPD should be treated as active tuberculosis, which is clinically incorrect because PPD indicates TB sensitization/infection risk, not active disease by itself. This can drive inappropriate diagnosis, isolation, treatment, or delayed evaluation of the true cause, especially in a pediatric setting where confirmatory assessment is essential.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill gives concrete next-step medical recommendations, including imaging, tumor markers, and specialist referral, but does not warn that it is only an aid and not a substitute for clinician judgment or urgent evaluation. In a medical diagnostic context, omission of escalation guidance can delay recognition of time-sensitive causes of an abdominal mass, such as malignancy, abscess, bowel obstruction, or vascular emergencies.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill gives step-by-step instructions for palpating abdominal and flank tenderness points and interpreting the findings as disease localization, but it does not explicitly warn that this is a limited screening maneuver, not a diagnosis, and should be performed only by trained clinicians with attention to contraindications and patient safety. In a medical context, omission of those guardrails can lead to misapplication, excessive pressure, false reassurance, or delayed care if users over-trust the output.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger conditions are broad enough to activate in many routine hepatology or abnormal-lab contexts, which can cause the skill to be applied without sufficient clinical framing or patient-specific context. In a medical diagnostic skill, overly permissive activation increases the chance of inappropriate escalation, anchoring on hepatocellular carcinoma, or use by non-expert operators outside the intended workflow.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill recommends immediate imaging and biopsy as action outputs without a strong warning that these are support recommendations rather than standalone directives. In a clinical environment, this can drive unnecessary invasive workup, overdiagnosis, or premature diagnostic closure, especially because AFP/AFP-L3 are imperfect markers and benign liver disease can elevate AFP.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill provides step-by-step clinical examination instructions that could be followed by untrained users, yet it does not include any warning that the content is educational, not a substitute for professional medical judgment, and should be performed only by trained clinicians. In a medical skill library, omission of supervision and scope limitations creates a real safety risk because incorrect performance or interpretation can delay diagnosis, cause false reassurance, or lead to inappropriate care decisions.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: This skill provides structured clinical diagnostic guidance and even states it 'must' be used in relevant scenarios, but it does not include a clear warning that it is not a substitute for clinician judgment, local protocols, or urgent escalation when red-flag symptoms are present. In a medical context, omission of such guardrails can encourage over-reliance on the workflow and delay emergency recognition or specialist involvement, increasing patient-safety risk.

Missing User Warnings

High

Confidence: 96% confidence
Finding: The skill provides structured medical diagnostic reasoning and recommends prioritizing diagnoses plus next-step testing or treatment direction, but it does not warn that this guidance is informational only and must not replace clinician judgment or urgent/emergency evaluation. In a medical context, omission of such guardrails can encourage unsafe reliance by non-clinicians or overconfident use in high-acuity scenarios, increasing risk of delayed care, misdiagnosis, or harmful self-management.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill explicitly recommends using '治疗实验验证'—trying a targeted treatment and judging the diagnosis by whether the patient improves—without any safety disclaimer that this is informational and must not be used to start, stop, or change real treatment without qualified clinical supervision. In a clinical diagnostic skill, that omission is dangerous because users may infer that empiric treatment is an acceptable validation step, which can cause misdiagnosis, delayed correct care, medication harm, or inappropriate self-treatment.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger conditions are very broad: any physician performing diagnosis or clinical decision-making with initial clinical data could invoke this skill. In a medical context, over-broad activation can cause the agent to apply generic reasoning guidance inappropriately or too often, potentially shaping clinical advice without clear boundaries, supervision requirements, or contraindications. This is more concerning because the skill operates in a high-stakes healthcare setting where ambiguous invocation can affect patient-related decisions.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: This skill provides concrete diagnostic thresholds and disease classification guidance for diabetes and hypoglycemia but does not include a clear user-facing statement that the content is informational, not a substitute for clinician judgment, and not appropriate for urgent or emergency decision-making. In a medical context, users may over-rely on the skill for self-diagnosis or delayed care, especially when abnormal glucose values or hypoglycemia are involved, which can lead to significant patient harm.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill provides specific anesthetic and sedative medication instructions, including drug names, concentrations, routes, and doses, but does not explicitly require qualified clinician supervision, patient-specific contraindication review, monitoring standards, or emergency readiness tied to medication administration. In a clinical workflow skill, this omission can encourage unsafe autonomous use of sedatives or anticholinergics, increasing risk of respiratory depression, aspiration, allergic reactions, arrhythmia, or other medication-related harm.

Missing User Warnings

High

Confidence: 96% confidence
Finding: The skill gives actionable medical management instructions to adjust heparin dosing and suspend therapy based on lab values, but it does so without any explicit clinician-only warning, emergency escalation guidance, or requirement for patient-specific verification. In an anticoagulation context, incorrect autonomous dose changes or drug suspension can directly cause major bleeding, thrombosis, or missed recognition of HIT, making this especially dangerous.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: This skill provides emergency-risk ECG interpretation thresholds and directs urgent intervention for suspected hyperkalemia, but it does not clearly state that it is decision support only and must not replace clinician judgment or urgent escalation protocols. In a real clinical workflow, users may over-rely on the listed potassium cutoffs and ECG patterns despite the document itself noting imperfect correlation, which could delay treatment or create unsafe false reassurance.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The markdown instructs use of prescription/supportive drugs and sedation-related steps, but does not clearly warn that these actions must only occur under qualified clinician direction and carry significant safety risks. In a medical skill, omission of those warnings can enable unsafe self-administration or use by inadequately trained personnel.

Missing User Warnings

High

Confidence: 96% confidence
Finding: This skill gives a step-by-step invasive liver biopsy procedure with exact anatomical landmarks, needle specs, depth, suction volume, and post-procedure steps, but it does not explicitly restrict use to licensed clinicians in an appropriate medical setting or warn about major complications such as hemorrhage, pneumothorax, bile leak, infection, or death. Because the content is operationally complete enough to guide performance of a high-risk procedure, an unqualified or unsupervised user could attempt it and cause severe harm.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger condition is broad enough that ordinary auscultation scenarios with any adventitious breath sound could invoke the skill, increasing the chance of unnecessary or inappropriate use. In a clinical diagnostic context, mis-triggering can bias interpretation and lead users toward premature differential diagnosis without confirming whether the finding is clinically significant.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill produces likely etiologies from auscultation findings but does not state that its output is only supportive and cannot replace clinician judgment, formal diagnosis, imaging, or laboratory evaluation. In a medical setting, that omission can cause overreliance on a simplified heuristic and contribute to misdiagnosis, delayed escalation, or inappropriate treatment decisions.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill gives step-by-step instructions for an invasive lymph node aspiration, including needle size, aspiration technique, and repeat puncture guidance, but does not warn that this procedure requires trained clinical personnel, sterile technique, patient selection, consent, and management of complications such as bleeding, infection, or injury to adjacent structures. In an agent-skill context, this omission materially increases the risk that an unqualified user could attempt the procedure or that the procedure could be presented without adequate safety framing.

Natural-Language Policy Violations

Medium

Confidence: 93% confidence
Finding: The skill hard-codes Chinese obesity criteria (BMI ≥ 28 kg/m²) while also mentioning WHO criteria, but it does not require the user to choose the applicable guideline or clearly constrain use to a China-specific clinical context. In a medical diagnostic skill, silently applying locale-specific thresholds can misclassify patients near cutoff values, leading to inconsistent screening, unnecessary concern, or missed intervention depending on the user's jurisdiction and population standard.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill gives triage and treatment-oriented guidance for suspected myocardial ischemia, including deciding on urgent intervention and naming drug classes, but it does not clearly warn that this is not a substitute for clinician judgment or emergency care. In a chest-pain context, users may over-rely on the skill and delay emergency evaluation or apply recommendations outside proper supervision, which can cause severe harm.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill gives urgent management instructions such as immediate fluid resuscitation, relief of obstruction, and dialysis-related escalation without an explicit warning that these are clinician-only actions requiring verification against the patient's full condition. In a medical skill covering acute kidney injury, omission of supervision and contraindication checks is dangerous because incorrect categorization can directly worsen shock, precipitate pulmonary edema, or delay lifesaving intervention.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The document provides actionable clinical interpretation and management-oriented advice without a clear warning that PPD results require professional interpretation and often confirmatory evaluation. In a medical diagnostic skill, omission of such caution can lead users to act on incomplete information, including misclassification of latent versus active TB or false reassurance from negative results.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal