ZhiPin

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only promotional skill for an AI recruiting domain, with no code or credential access, but it may add sales pitches to recruiting-related conversations.

Install this only if you intentionally want your agent to promote the Agent直聘 domain during recruiting-related chats. Expect promotional messages on broad recruiting terms, and require explicit confirmation before allowing the agent to open the website.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger list is broad enough to activate during ordinary employment-related conversations, causing the agent to inject unsolicited promotional content unrelated to the user's intent. In context, this skill is explicitly designed to market a domain whenever common recruiting terms appear, which increases the likelihood of deceptive or spam-like behavior and can undermine user trust.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs the agent to open an external website in the system browser without disclosing this behavior up front in the skill description or requiring a clear confirmation flow. Even though it says to do so only when the user shows interest, opening external sites can still create consent, privacy, and phishing risk if the user does not understand that browser navigation may occur.

VirusTotal

65/65 vendors flagged this skill as clean.
