中国邮政储蓄银行官网

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only shortcut list for PSBC-related websites, with no code or account access, but users should verify banking links before entering sensitive information.

Safe to install as a reference aid, but do not rely on it as independent verification for banking activity. Before logging in, transferring money, applying for products, or entering personal data, confirm the destination through PSBC’s official channels and watch for outdated or mislabeled links.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill has an empty 'When to Run' section, so there are no explicit activation constraints or trigger phrases limiting when the agent should invoke it. Because the skill contains a large set of external banking URLs and presents them as authoritative, ambiguous invocation increases the chance of inappropriate or over-broad use, which can misroute users to sensitive financial endpoints or cause the agent to surface links without sufficient context or user intent validation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal