clinical-trial-protocol-skill

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] skill_discovery_abuse: System prompt extraction attempt (SD002) [AITech 4.3] [HIGH] skill_discovery_abuse: System prompt extraction attempt (SD002) [AITech 4.3] The skill's functionality and described capabilities are coherent with its stated purpose. There are no code snippets or artifacts in this fragment that indicate direct malicious payloads, obfuscation, or backdoors. However, the required external MCP server (Claude Desktop plugin) is a notable network dependency and a potential data-exfiltration conduit for sensitive user-supplied documents stored in waypoints. The skill stores user-provided materials in plaintext waypoint files and performs automatic MCP connectivity checks, which raises privacy and supply-chain trust concerns. Recommend treating the MCP dependency as a trusted component only after verification, avoid uploading PHI or sensitive proprietary data without review, and inspect all references/*.md subskills before execution to ensure no hidden instructions. Overall: low probability of malware, but moderate security/privacy risk due to external dependency and storage of sensitive inputs. LLM verification: The skill's stated purpose and most capabilities are coherent and consistent with generating clinical trial protocols. However, there are notable supply-chain and data-exposure risks: (1) the required clinical trials MCP Server (.mcpb) is a third-party component of unspecified origin and will see queries and possibly raw user-provided content; (2) the orchestrator's guidance around loading and executing subskill markdown creates a prompt-injection vector if subskill content is treated as executa