Yanji Bus Query

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Yanji bus lookup skill, but its script can turn crafted station names or tampered HTTP responses into local Python code execution.

Review before installing. The skill does not appear designed to steal data or persist, but yanji-bus.sh should be fixed to pass station names and fetched JSON as data through argv, environment variables, stdin, or files instead of embedding them in python3 -c code. Prefer HTTPS or response validation if available, and limit activation to explicit Yanji bus route or stop queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger condition '当用户问公交相关问题时' ("when the user asks a bus-related question") is overly broad and can cause the skill to run for general transit questions that may not actually be about Yanji bus lookups. This can lead to incorrect tool invocation, irrelevant data access, or unintended chaining with external scripts for requests outside the skill's intended scope.

VirusTotal

66/66 vendors flagged this skill as clean.
