Attio

Security checks across malware telemetry and agentic risk

Overview

This Attio CRM skill is coherent, but it gives an agent broad authenticated ability to change or delete live CRM data without clear confirmation safeguards.

Install only if you trust Membrane and are comfortable granting authenticated access to Attio. Use the least-privileged Attio account or a test workspace where possible, review actions before running them, and require explicit confirmation before any create, update, delete, bulk, or raw proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 87%
Finding
The skill description is very broad ('Manage crm data, records, and workflows'), which can cause an agent to invoke it for a wide range of ordinary CRM-related requests without clear scoping or safety boundaries. In a tool that supports both read and write operations, over-broad routing increases the chance of unintended access, modification, or deletion of CRM data when the user's request is ambiguous.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill advertises destructive operations such as 'Delete Record' and 'Delete Task' without any explicit warning, confirmation requirement, or safeguard language. In an agent setting, this creates a real risk that ambiguous instructions, prompt injection, or user misunderstanding could lead to irreversible data loss in a production CRM.

VirusTotal

65/65 vendors flagged this skill as clean.
