40Medium
The skill is vulnerable to prompt injection via external markdown files and lacks necessary safety controls, creating a high risk of unauthorized code execution and sensitive data exfiltration.
Skill Info
Namezwbao/ai-research-clinician-skill/ai-research-clinician
Registrygithub
Versionc3f9904b3f53
PURLpkg:github/zwbao/ai-research-clinician-skill@c3f9904b3f53?skill=ai-research-clinician
Source
Install
This skill has findings worth reviewing before installing.
GitHub
Skills.shDocs
npx skills add https://github.com/zwbao/ai-research-clinician-skillAssessments (3)
AI Agent Traps ↗Potential for Indirect Prompt Injection via Referencesmediumindirect prompt injection
The skill architecture relies on reading external markdown files (`references/*.md`) to drive agent behavior. If these files are dynamically generated or fetched from external sources, an attacker could inject instructions into these files that the agent would then execute as part of its 'auto-research' workflow.
70% confidence
每次只读最相关的那一个,不要一次性读全部。从下表选唯一最贴近的模块 → 只打开那一个 references/*.md
Potential for Data Exfiltration via Tool Executionmediumdata exfiltrationAML.T0025AML.T0024LLM02:2025
The skill instructs the agent to 'run minimal reproduction' and 'search/run tools'. If the agent is allowed to execute arbitrary code or scripts on sensitive clinical data (even if de-identified), there is a risk that the agent could be manipulated to exfiltrate data to external repositories or endpoints during the 'toolchain' execution phase.
50% confidenceline 97
判任务类型、找工具/repo/数据库、跑最小复现
Referenced file missing from skill packagelowpolicy violation
SKILL.md links to "references/ai-toolchain.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
90% confidence
[`references/ai-toolchain.md`](references/ai-toolchain.md)
Referenced file missing from skill packagelowpolicy violation
SKILL.md links to "references/audit-and-safety.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
90% confidence
[`references/audit-and-safety.md`](references/audit-and-safety.md)
Referenced file missing from skill packagelowpolicy violation
SKILL.md links to "references/clinical-observation.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
90% confidence
[`references/clinical-observation.md`](references/clinical-observation.md)
Referenced file missing from skill packagelowpolicy violation
SKILL.md links to "references/evidence-reading.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
90% confidence
[`references/evidence-reading.md`](references/evidence-reading.md)
Referenced file missing from skill packagelowpolicy violation
SKILL.md links to "references/research-question.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
90% confidence
[`references/research-question.md`](references/research-question.md)
Missing or insufficient descriptioninfopolicy violation
Skill description is empty or too short. A clear description helps users evaluate the skill's purpose.
100% confidence
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/zwbao/ai-research-clinician-skill/ai-research-clinician)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/zwbao/ai-research-clinician-skill/ai-research-clinician"><img src="https://mondoo.com/ai-agent-security/api/badge/github/zwbao/ai-research-clinician-skill/ai-research-clinician.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/zwbao/ai-research-clinician-skill/ai-research-clinician.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow