Procore

Security checks across malware telemetry and agentic risk

Overview

This Procore skill appears purpose-built for a real integration, but it gives broad access to sensitive business, user, role, and financial workflows without enough built-in safety boundaries.

Install only if you are comfortable connecting Procore through Membrane. Use a least-privilege Procore account, restrict work to specific companies and projects, prefer read-only discovery first, and require explicit confirmation before creating, updating, deleting, purchasing, invoicing, exporting, or changing users, roles, or financial records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The skill description is very broad ('Manage Projects, Users, Roles, Organizations') and lacks clear trigger boundaries or safety qualifiers. In an agentic setting, this can cause over-selection of the skill for loosely related requests and lead to unintended access, modification, or disclosure of Procore data.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill advertises management of sensitive enterprise resources but provides no warning that actions may be destructive or expose private project, personnel, financial, or operational data. Without embedded safety guidance, an agent may treat high-impact Procore operations as routine and execute writes or broad reads without adequate user awareness or confirmation.

VirusTotal

65/65 vendors flagged this skill as clean.
