Back to skill

Security audit

工程建设招投标分析-建设通

Security checks across malware telemetry and agentic risk

Overview

This skill is read-only documentation for a tender-data API, but it is broader than its construction-focused description and can query company, contact, and market intelligence through a third-party service.

Install only if you want the agent to use this Jianshetong/ZLBX API for broad procurement and market intelligence, not just construction tender summaries. Use a dedicated limited API key, avoid submitting confidential strategy or deal terms, and ask the agent to confirm company matches, contact lookups, and lead-generation queries before calling the service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill is presented as narrowly scoped to construction tender analysis, but the documented API surface supports much broader procurement, market, and company intelligence workflows across industries. This scope mismatch can cause the agent to invoke the skill in contexts users did not expect, increasing unintended data access and over-collection beyond the declared purpose.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The inclusion of `get_company_contacts` expands the skill from tender analysis into retrieval of company contact information, which is not necessary for the stated purpose of extracting project fields and qualification background. That creates a data-minimization and privacy risk because the agent may fetch potentially sensitive contact data without clear user need or disclosure.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The documented APIs expose broad market-analysis capabilities such as purchaser, supplier, brand, and pricing intelligence that exceed the skill’s declared construction-tender-focused purpose. This scope mismatch can enable unintended data access and use cases outside user expectations, increasing the risk of overbroad collection, misuse, or policy bypass through prompt steering.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
Brand/model price-trend querying provides generalized commercial intelligence unrelated to the stated construction tender analysis mission. In this skill context, that makes the capability more dangerous because an agent could be induced to perform broader price surveillance or competitive analysis than users or reviewers would expect from a construction-focused tool.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Top brand and product market-share analysis supports broad procurement market research rather than the manifest’s narrower construction project and bidder qualification analysis. This creates a capability expansion path where the skill can be repurposed for unrelated sectors and competitive intelligence workflows, contrary to least-privilege design.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger condition is defined with broad construction-related keywords such as 工程、施工、建筑、市政、监理、设计, which are common terms that can appear in many benign or loosely related queries. This can lead to over-triggering, causing unintended external API calls and disclosure of user queries to a third-party service without sufficiently precise routing boundaries.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to read an API key from environment/configuration and send authenticated requests to an external service, but it provides no warning about credential use, third-party transmission, or user data handling. In an agent setting, this lack of transparency increases the risk of silent outbound data transfer and misuse of privileged credentials.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documented workflow instructs the agent to automatically expand a user-supplied company name to all semantically matched headquarters and subsidiaries, then query and analyze them without confirmation. This can cause over-collection and unintended processing of data about additional legal entities beyond the user's intended target, creating privacy, scope, and accuracy risks in a company-intelligence context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The contacts endpoint exposes project contact details, including names and masked phone numbers, but the documentation provides no privacy, authorization, or acceptable-use guidance. In an analyst skill, this increases the risk of unnecessary retrieval, profiling, or misuse of personal contact information for purposes unrelated to the user's legitimate business need.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.