Bloom Growth
Security checks across malware telemetry and agentic risk
Overview
The skill is a coherent Bloom Growth integration, but it gives broad authenticated access to sensitive HR/business records without clear guardrails for write or delete actions.
Install only if you intend to let the agent access Bloom Growth through Membrane. Review any action or proxy request before it runs, especially anything that creates, updates, or deletes employee, performance, goal, reflection, or template data.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.