
Security audit

Psychiatry-PMPH-9edition

Security checks across malware telemetry and agentic risk

Overview

This is a text-only psychiatry reference skill with no executable behavior, but it needs Review because it gives high-stakes medical and legal guidance without consistent safeguards.

Install only if this will be used as supervised reference material for qualified mental-health, medical, or legal professionals. Do not rely on it for diagnosis, prescribing, emergency care, involuntary treatment, legal capacity, or guardianship decisions without licensed review, local protocols, current guidelines, and privacy controls for patient data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (34)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill’s stated output exceeds a clinical/forensic assessment role and instructs the system to '依法指定法定监护人', which is a legal adjudicative act rather than an expert opinion. In a high-stakes forensic psychiatry context, this can cause the agent to overstep into unauthorized legal decision-making, producing misleading or unlawful guidance that could affect a person’s autonomy and legal rights.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The document contains an internal contradiction: it says the skill does not replace final judicial authority, yet later directs outputs that directly designate a legal guardian. This inconsistency is dangerous because downstream users may rely on the stronger operational instruction, causing the agent to present unauthorized legal determinations as if they were proper forensic conclusions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README claims users can simply ask questions and automatically obtain solutions from the textbook, but it does not clearly state that outputs are educational support rather than authoritative clinical decisions. In a psychiatry skill, this can encourage overreliance on model-generated guidance for diagnosis or treatment, increasing risk of unsafe care, especially in emergency or high-acuity situations.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The README uses broad marketing-style invocation text such as asking users to 'just ask a question and get a solution directly from the textbook,' which can encourage overly generic triggering rather than narrow, explicit invocation. In an agent ecosystem, this can cause unintended activation in unrelated contexts, increasing the chance the skill is invoked when its psychiatric guidance is not appropriate or sufficiently scoped.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation guidance is very broad ('use the skillset ... help me analyze...'), which increases the chance of unintended invocation in ambiguous user requests. In a safety-critical psychiatry context, accidental triggering could lead to unqualified mental health or emergency guidance being surfaced without clear user intent or appropriate safeguards.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill advertises broad psychiatric diagnosis, treatment, emergency intervention, legal, and pharmacotherapy support but provides no user-facing warning that the content is informational and not a substitute for licensed clinical judgment or emergency services. Because the domain includes suicide risk, involuntary treatment, overdose, and medication management, missing warnings materially increase the risk of harmful reliance by end users.

Missing User Warnings

High
Confidence
94% confidence
Finding
The file provides specific medication names, titration schedules, target doses, and combination guidance for Alzheimer’s disease and BPSD without an explicit warning that treatment must be individualized and supervised by a qualified clinician. In a medical decision-support skill, users may over-trust the content and apply it directly despite important patient-specific contraindications, comorbidities, drug interactions, renal/hepatic impairment, ECG risks, and boxed warnings for antipsychotic use in dementia.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill provides structured psychiatric diagnosis and medication guidance, including benzodiazepines, SSRIs/SNRIs, antipsychotic augmentation, and treatment timelines, but it does not include any safety boundary directing users to qualified clinicians or emergency services for suicidality, severe agitation, psychosis, medication adverse effects, or medical-rule-out scenarios. In a mental health context, omission of escalation and supervision warnings can lead users to self-diagnose, delay urgent care, or attempt unsafe medication decisions based on the content alone.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This checklist presents detailed symptom patterns and clinical decision cues for bodily distress disorder without a prominent warning that it is informational only and not a substitute for urgent medical evaluation. In a healthcare support skill, users may over-attribute serious cardiopulmonary, neurologic, or gastrointestinal symptoms to a psychiatric or functional condition and delay emergency or specialist care, creating a meaningful patient-safety risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This skill provides structured medical diagnostic guidance for suspected dementia, including screening-tool selection, differential diagnosis, and required output fields, but does not explicitly warn that it is only decision support and not a substitute for qualified clinical judgment. In a patient-care context, omission of that warning can encourage overreliance on the skill’s output, increasing the risk of misdiagnosis, delayed recognition of delirium or depression, and inappropriate treatment decisions.

Missing User Warnings

High
Confidence
93% confidence
Finding
The file includes specific IV/medication dosing instructions for suggestive treatment, including barbiturates and injectable agents, without any clinician-only restriction, contraindication guidance, monitoring requirements, or emergency-use warning. In a general-purpose agent skill, this can enable unsafe medication administration, misuse by unqualified users, or harmful overreliance on incomplete dosing information divorced from patient assessment and resuscitation context.

Missing User Warnings

High
Confidence
95% confidence
Finding
The file gives procedural instructions for high-risk clinical interventions including IV barbiturate/sedative use, electrical stimulation, and MECT-related treatment context without explicit safety framing, contraindications, monitoring requirements, consent details, or a clear statement that these actions must only be performed by qualified clinicians in appropriately equipped medical settings. In a reusable agent skill, this omission is dangerous because the content can be surfaced out of context as actionable guidance, increasing the risk of unsafe administration, patient harm, overdose, respiratory depression, cardiac complications, retraumatization, or misuse by inadequately trained users.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill provides structured complication triage, mortality risk, relapse estimates, and intervention prompts for eating disorders without an explicit user-facing warning that the output is only decision support and cannot replace urgent clinical assessment. In this domain, users may over-trust the model’s prognosis or fail to escalate immediately dangerous signs such as electrolyte abnormalities, arrhythmia risk, bradycardia, hypothermia, bowel obstruction, or poisoning, creating a real patient-safety risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This reference material discusses severe medical complications, mortality, and suicide-related outcomes for eating disorders, but provides no crisis guidance, emergency escalation language, or clinician-facing caution about urgent referral. In a clinical decision-support skill, omission of safety framing can contribute to unsafe use by non-specialists or inappropriately reassure users that the content is purely informational when it includes high-risk situations requiring immediate action.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger description is broad enough to activate the skill across many psychiatric care scenarios without clear exclusion criteria or scope limits. In a clinical context, over-broad invocation can cause the system to provide rehabilitation plans for inappropriate patients or contexts, increasing the risk of unsafe or irrelevant guidance.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs collection and structuring of highly sensitive psychiatric and health information into a patient_profile object but does not warn about minimum necessary data use, consent, de-identification, storage, or access controls. Because psychiatric data is especially sensitive, this omission raises the risk of privacy violations, unauthorized disclosure, and unsafe downstream handling of protected health information.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The file gives concrete medication names, maintenance doses, and titration schedules for controlled or high-risk drugs without any visible warning that the material is for clinician-guided reference only. In a medical skill, especially one covering psychiatry and sleep disorders, this can enable unsafe self-medication, misuse, overdose, drug interactions, or inappropriate treatment selection if surfaced directly to end users.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger terms are broad for a high-risk psychiatric coercive-care skill, including generic phrases such as '送诊', '精神障碍住院', and '强制医疗程序' without requiring legal, clinical, or role-based qualifiers. This can cause the skill to activate in ambiguous or inappropriate contexts, leading non-specialist users or automated agents to receive actionable guidance on involuntary treatment or coercive intervention when it is not warranted.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill provides emergency recognition and treatment guidance for serotonin syndrome, including instructions to stop medications and seek supportive care, but it does not clearly warn users that this content is informational only and not a substitute for urgent in-person medical evaluation. In a psychiatric context, users may be patients, caregivers, or non-specialists, and omission of a prominent emergency disclaimer could delay urgent care or encourage unsafe self-management during a potentially life-threatening condition.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
This skill provides detailed psychiatric assessment and treatment guidance, including diagnostic criteria and medication recommendations for delirium, vascular dementia, and disruptive behavior disorders, without any user-facing warning that it is not a substitute for clinician judgment or emergency evaluation. In a high-risk medical domain, omission of such guardrails can lead users to over-rely on the skill for diagnosis or medication decisions, potentially delaying urgent care or causing unsafe treatment actions.

Missing User Warnings

High
Confidence
94% confidence
Finding
The file provides concrete medication names, indications, dose ranges, titration schedules, and monitoring targets for vascular dementia without any visible warning that it is reference material requiring qualified clinician oversight. In a clinical decision-support skill, this can be surfaced out of context, increasing the risk of inappropriate self-medication, unsafe prescribing, or misuse in patients with contraindications such as bleeding risk, renal impairment, frailty, or cerebrovascular vulnerability.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill provides pediatric diagnostic framing, differential diagnosis, and medication-planning guidance for neurodevelopmental disorders without an explicit warning that it is not a substitute for in-person evaluation by a qualified clinician. Because it covers children and names prescription drugs with selection criteria and monitoring notes, users could over-rely on the output for real medical decisions, leading to misdiagnosis, delayed care, or unsafe treatment choices.

Missing User Warnings

High
Confidence
94% confidence
Finding
The file provides detailed emergency oxygen therapy thresholds, intubation preparation guidance, injectable and oral vitamin B12 regimens, and prescription medication dosing without any warning that these are for licensed clinicians or that they require individualized medical judgment. In an agent skill context, this can enable unsafe self-treatment or overreliance by non-professionals, especially because the content covers acute care interventions and invasive/high-risk treatments.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger description is broad and lists many loosely bounded scenarios, but it does not clearly state when the skill should not be used or what prerequisites must be met before invocation. In a clinical decision-support context, over-triggering can cause the model to apply psychiatric diagnostic framing too readily, increasing the risk of inappropriate diagnostic classification, coding errors, or use outside intended scope.

Natural-Language Policy Violations

Medium
Confidence
77% confidence
Finding
The skill is authored entirely in Chinese and does not indicate whether output language should follow user preference, which can create locale and usability failures when invoked in other language contexts. In a medical setting, language mismatch can degrade comprehension of diagnostic criteria or coding guidance, indirectly increasing documentation or clinical communication errors.

VirusTotal

63/63 vendors flagged this skill as clean.
