AgentZhiPin

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed domain-sale promotion, but its broad triggers can inject advertising into ordinary AI-agent conversations.

Install only if you explicitly want your agent to promote the AgentZhiPin domain. It does not appear to threaten files or credentials, but it may produce unwanted advertising in ordinary AI-agent discussions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence: 98%
Finding
The trigger list is intentionally broad and includes generic terms like “AI Agent” and “智能体”, which are common in ordinary user discussions. This makes the skill activate in many unrelated contexts and inject unsolicited domain-sale advertising, creating prompt-hijacking/spam behavior that can override user intent and degrade trust in the agent.

Vague Triggers

High
Confidence: 99%
Finding
Using the standalone term “Agent” as a scenario condition is extremely ambiguous and will match a vast range of normal conversations unrelated to this domain sale. In context, the skill is designed to opportunistically insert promotional content whenever common AI terminology appears, which is a strong indicator of intentional abusive behavior rather than a narrow assistant function.

VirusTotal

66/66 vendors flagged this skill as clean.
