Zhaopin

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is for summarizing public Zhaopin job and company pages and does not ask for login, private data, persistence, or privileged setup.

Install only if you want help summarizing public Zhaopin job listings or company pages. Do not use it for logging in, applying to jobs, bypassing verification, scraping at scale, or collecting non-public account data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger description is broad: it says to invoke the skill whenever access to or automation around Zhaopin-related content is needed. That can overlap with many ordinary browsing, job-search, or summarization requests, increasing the chance the agent invokes this skill unintentionally and performs web access or scraping-adjacent actions outside the user's precise intent. The rest of the skill narrows scope somewhat by forbidding login, delivery, and bulk scraping, so this is not highly dangerous, but it is still a real overbroad-trigger issue.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal