Security audit

Neurology-PMPH-9edition

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it needs review because it can automatically provide high-stakes neurology diagnosis, emergency treatment, medication dosing, and procedure guidance without consistent runtime safety limits.

Install only if you intend to use it as educational or clinician-reviewed reference material. Do not rely on it for self-diagnosis, emergency care, prescribing, dosing, surgery, or interventional decisions; outputs should be checked against current local protocols and qualified medical judgment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (36)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The activation guidance tells users to invoke the skill by name or by describing a clinical scenario, which is broad enough to trigger the skill in many ambiguous contexts. In a high-stakes neurology skill, this can cause the model to provide specialized diagnostic or treatment guidance without clear scope checks, patient-specific safeguards, or confirmation that clinical decision support is appropriate.

Missing User Warnings

High

Confidence: 98% confidence
Finding: This skill covers acute stroke intervention, neurosurgical indications, seizure emergencies, and other time-critical medical decisions, but it provides no warning that outputs should not substitute for professional judgment. In such a high-stakes clinical domain, omission of a clear safety disclaimer increases the risk that users may rely on the skill for real-world diagnosis or treatment decisions, potentially causing severe patient harm.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list includes broad terms such as '脑出血', 'ICH', '甘露醇', '高血压', and '癫痫' that can appear in many adjacent clinical discussions, making unintended invocation likely. Because this skill produces high-risk medication dosing and acute management recommendations, accidental activation could surface inappropriate brain hemorrhage treatment guidance in the wrong patient context or before key exclusions are verified.

Missing User Warnings

High

Confidence: 94% confidence
Finding: The skill gives concrete recommendations for high-risk stroke endovascular interventions such as mechanical thrombectomy, intra-arterial thrombolysis, angioplasty, and stenting, but does not prominently state that this is not a substitute for real-time evaluation by a qualified stroke/interventional team. In a time-critical, invasive medical context, omission of this warning can lead users to over-rely on the skill for patient-specific treatment decisions, increasing the risk of severe harm or death.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill declares very broad symptom- and keyword-based activation criteria such as weakness, atrophy, pyramidal signs, psychiatric/behavioral changes, seizures, and cognitive impairment. In a clinical assistant context, this can cause unintended invocation for overlapping neurologic or psychiatric presentations, leading the agent to apply a narrowly scoped diagnostic pathway prematurely and increasing the risk of misleading medical guidance.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill gives step-by-step imaging measurements and diagnostic thresholds that culminate in '确诊' and treatment-relevant conclusions, but it does not warn that the output is only informational and must not replace clinician judgment. In a medical context, especially for craniovertebral junction abnormalities that can influence surgical decisions, omission of such guardrails can cause users to over-trust the skill and act on an incorrect or incomplete diagnosis.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The trigger list includes broad generic terms such as DSA, 脑血管狭窄, and 血管直径测量 that could activate the skill during general clinical discussion rather than an explicit request for stenosis computation. In this context, unintended invocation is risky because the skill's output can influence interventional planning and device selection, increasing the chance of users receiving procedural guidance without deliberate intent or sufficient context.

Missing User Warnings

High

Confidence: 95% confidence
Finding: The skill explicitly states that its results will guide surgery and stent/balloon selection, but it does not present a user-facing warning about the high-stakes nature of this use or the need for specialist verification. In a neurology/neurointerventional context, omission of such guardrails is dangerous because an incorrect measurement, wrong vessel classification, or incomplete imaging context could directly affect invasive treatment decisions.

Missing User Warnings

High

Confidence: 95% confidence
Finding: This section gives emergency treatment steps for contrast-media anaphylaxis, including epinephrine administration and airway/circulatory stabilization, but does not clearly state that the content is for trained clinicians under urgent medical supervision. In an agent setting, users may treat this as actionable self-care or non-specialist guidance, creating a real risk of delayed emergency response, incorrect dosing/route selection, or harmful medication use during a life-threatening event.

Missing User Warnings

High

Confidence: 97% confidence
Finding: This section provides specific high-risk dosing and escalation instructions for severe reactions and cardiac arrest, including IV epinephrine, intubation, fluid boluses, steroids, ICU monitoring, and ACLS-linked care, without an explicit scope limitation or safety gate. That materially increases the chance that an unqualified user could attempt dangerous interventions or that a clinician could rely on incomplete protocolized text outside institutional safeguards.

Missing User Warnings

High

Confidence: 96% confidence
Finding: The skill provides deterministic clinical decision logic for neurosurgical decompression and CSF shunting without any explicit warning that the output is informational only and must be confirmed by a qualified neurosurgeon. Because it targets high-risk diagnosis and treatment decisions for Chiari malformation, users could over-rely on the generated recommendation and apply unsafe or incomplete management in real patients.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill gives detailed medical treatment instructions for chronic hyponatremia correction, including sodium correction thresholds, contraindications, and CPM management, but does not prominently warn that it is not a substitute for clinician judgment or emergency care. Because electrolyte correction errors can cause severe neurologic injury, users may over-rely on the skill and apply guidance outside its safe scope, especially in urgent or atypical cases.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list is very broad and includes generic clinical terms such as '脑膜炎', '脑炎', '脑脊液', 'CSF', and '抗感染', which are likely to appear in many routine neurology or infectious-disease discussions. Because this skill is marked 'always: true', overbroad activation could cause the agent to invoke treatment-oriented guidance in situations where the user did not request this specialty workflow, increasing the chance of inappropriate or premature medical recommendations.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger list includes broad generic neuromuscular and diagnostic terms such as '肌强直', '肌电图', 'SCN4A', and disease-comparison terms that can appear in many non-target contexts. Because the skill is marked 'always: true', these broad triggers increase the chance of activation in unrelated neurology cases, which can steer the agent toward an overly specific congenital myotonia workflow and produce misleading clinical guidance.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill provides detailed medical diagnosis and treatment guidance, including differential diagnosis and drug dosing, but does not warn users that the content is not a substitute for licensed clinical judgment or emergency care. In a clinical or patient-facing setting, this can encourage overreliance on the skill, delay escalation, or lead to unsafe self-management of serious neurologic disease.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list includes very broad terms such as '发作', '抽搐', '脑电图', and common drug names, which can cause the skill to activate in contexts that are not specifically requesting epilepsy management. In a medical skill, unintended activation is risky because it may surface specialized diagnostic or treatment guidance when the user meant a different condition or only wanted general information.

Missing User Warnings

High

Confidence: 97% confidence
Finding: This skill provides concrete diagnostic criteria, differential diagnosis, syndrome classification, and medication selection for a high-risk neurological condition, including emergency thresholds for status epilepticus, but it does not include strong user-facing warnings to seek licensed medical evaluation or emergency care. In this context, omission of explicit safety guardrails is especially dangerous because users may act on medication advice, delay urgent treatment, or self-diagnose based on incomplete information.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill provides procedural guidance for EEG provocation techniques such as hyperventilation, photic stimulation, and sleep induction, which can precipitate seizures or other adverse events, but it does not clearly require trained clinical supervision, patient selection, contraindication screening, emergency preparedness, or a non-self-use warning. In a medical skill focused on seizure evaluation, omission of these safeguards materially increases the risk that a user could attempt or recommend unsafe testing in an inappropriate setting.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill provides concrete clinical decision thresholds, contraindication screening, peri-procedural management, and post-operative treatment actions for carotid artery stenting without any explicit warning that it is informational only or that decisions must be made by qualified clinicians. In a high-risk medical context involving invasive vascular intervention, users could over-rely on the skill's output and make unsafe treatment decisions, especially because the content is framed as an authoritative workflow and report template.

Missing User Warnings

High

Confidence: 96% confidence
Finding: The skill provides concrete treatment recommendations to initiate corticosteroids, add immunosuppressants, and consider IVIG or plasma exchange, but it does not include an explicit safety warning, requirement for licensed clinician oversight, or guardrails about confirming diagnosis and monitoring adverse effects. In a high-risk medical context, this can enable inappropriate treatment of a diagnosis of exclusion, leading to delayed recognition of infection or other causes of encephalopathy and exposing patients to serious harms from steroids and immunosuppression.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill provides condition-specific treatment selection, prescription-strength medications, contraindications, and dosing details for headache disorders, including triptans, verapamil, lithium, corticosteroids, and injectable therapies, but does not include clear user-facing guardrails to rule out secondary headache emergencies or require clinician supervision. In a consumer-facing agent, this can encourage self-diagnosis and self-treatment of symptoms that may actually represent subarachnoid hemorrhage, meningitis, acute glaucoma, temporal arteritis, hypertensive crisis, stroke, or other urgent conditions, leading to delayed care or unsafe medication use.

Vague Triggers

High

Confidence: 89% confidence
Finding: The skill is configured with always: true, causing it to activate regardless of user intent. In a medical skill that contains broad diagnostic and treatment guidance, this increases the chance of inappropriate invocation, irrelevant medical advice leakage into unrelated conversations, and unsafe overreach when a more suitable skill or normal routing should be used.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list contains very broad symptom terms such as muscle weakness, muscle atrophy, and ataxia that are common across many neurologic and non-neurologic conditions. This can cause the skill to activate outside its intended hereditary neuromuscular scope, increasing the chance of irrelevant or misleading diagnostic guidance in a clinical context.

Missing User Warnings

High

Confidence: 98% confidence
Finding: This skill gives concrete neurosurgical triage and procedure-selection guidance for intracerebral hemorrhage, including operative thresholds, timing, and recommended procedures, but it does not clearly state that it is only informational support and cannot replace urgent evaluation by qualified neurosurgery/stroke teams. In a high-acuity condition where delays or inappropriate surgery decisions can cause death or permanent disability, omission of that warning materially increases the risk that users over-rely on the tool.

Missing User Warnings

High

Confidence: 98% confidence
Finding: This skill provides actionable acute stroke management guidance, including thrombolysis/thrombectomy eligibility, contraindications, blood pressure targets, and exact rtPA/urokinase dosing, but does not prominently warn that it is not a substitute for immediate clinician judgment or emergency care. In this context, omissions or misapplication could directly cause hemorrhage, treatment delay, or inappropriate exclusion from time-sensitive reperfusion therapy, making the absence of clear safety framing dangerous.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal