Vague Triggers
Medium
- Confidence
- 95% confidence
- Finding
- L003 将触发条件描述为“当用户要求通过 WebBridge 操作腾讯企业邮箱、读取邮件、回复邮件、转发邮件、或遇到 exmail.qq.com 自动化问题时触发”。其中“读取邮件”以及“遇到 exmail.qq.com 自动化问题时”范围较宽,且未提供明确的触发短语、上下文限制或排除条件,容易与普通讨论或求助场景重叠。
Security audit
Tencent Exmail Webbridge
Security checks across malware telemetry and agentic risk
Overview
This is a documentation-only skill for user-directed Tencent Exmail browser automation, with sensitive email access clearly disclosed and no evidence of hidden execution or data theft.
Install only if you intentionally want an agent to help operate Tencent Exmail through Kimi WebBridge. Because it can read email content and prepare replies or forwards in a logged-in mailbox, use it only with accounts and pages you are comfortable automating, and keep final sending under explicit user confirmation.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)
VirusTotal
63/63 vendors flagged this skill as clean.