Action Builder

Security checks across malware telemetry and agentic risk

Overview

This is a plausible Action Builder integration, but it gives an agent broad authenticated ability to create, update, delete, and proxy API requests without clear approval safeguards.

Install only if you are comfortable giving an agent authenticated Action Builder access through Membrane. Use a least-privileged Action Builder account and require explicit confirmation before any create, update, delete, workflow-changing, or direct proxy API request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The skill description is broad enough that it could be invoked for generic 'manage data, records, and automate workflows' requests, not just clearly scoped Action Builder tasks. In an agentic environment, overbroad routing can cause the agent to select this skill in the wrong context, leading to unintended access to external systems or execution of actions against the wrong tenant/account.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The documentation advertises destructive capabilities like deleting tags, creating connections, creating people, and updating records without any warning about confirmation, authorization, or irreversible effects. In practice, this can normalize executing state-changing operations without explicit user consent, increasing the risk of accidental data loss or unauthorized modifications in production workspaces.

VirusTotal

65/65 vendors flagged this skill as clean.
