Security audit

中国邮政储蓄银行官网主站

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only skill for returning Postal Savings Bank of China website URLs, with no code, credentials, persistence, or local access requested.

Before using any banking link, verify the address independently in your browser and do not enter credentials unless you are certain you are on the bank’s legitimate website.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill leaves the "When to Run" section empty, so its activation scope is ambiguous and may cause the agent to invoke it in unrelated contexts. While this is not directly exploitable like code execution, unclear routing can lead to unintended browsing of external banking sites, user confusion, or misuse of the skill in inappropriate tasks.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal