Pulumi

Security checks across malware telemetry and agentic risk

Overview

This is a plausible Pulumi integration, but it gives an agent broad authenticated infrastructure access without enough safety boundaries.

Review before using with important Pulumi accounts. Use a least-privilege Pulumi/Membrane connection, avoid production or admin credentials unless necessary, require explicit approval before any POST, PUT, PATCH, or DELETE request, and revoke the connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly documents a generic authenticated proxy mechanism to the Pulumi API without guardrails, read-only defaults, or warnings about destructive operations. In an infrastructure-management context, this can enable arbitrary state-changing requests such as modifying or deleting resources, increasing the risk of unintended or unsafe cloud changes if an agent uses the proxy directly.

VirusTotal

VirusTotal findings are pending for this skill version.
