bosszhipin
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection.\n
- Ingestion points: The agent is instructed to read and evaluate job descriptions and company details from the external website zhipin.com (SKILL.md).\n
- Boundary markers: The instructions lack explicit delimiters or instructions to ignore potential commands embedded within the job descriptions it processes.\n
- Capability inventory: The agent possesses capabilities to click interaction buttons such as '立即沟通' (Immediate Communication) and '收藏' (Bookmark), and can be directed to navigate via arbitrary URLs (SKILL.md).\n
- Sanitization: No sanitization or validation of the external job descriptions is specified before they are processed by the evaluation logic.
Audit Metadata