Drift

Security checks across malware telemetry and agentic risk

Overview

This Drift integration is coherent, but it can modify or delete CRM records through Membrane without clear in-skill safeguards for high-impact actions.

Install only if you trust Membrane with the intended Drift workspace. Before using it, require the agent to fetch and show the exact record, confirm the specific action and ID, and get explicit approval before any create, update, delete, message-send, or raw proxy request. Consider pinning or reviewing the Membrane CLI package version before global installation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill advertises destructive actions such as deleting accounts and contacts, but provides no guidance to require explicit user confirmation, verify target identity, or use safeguards before execution. In an agentic context, this increases the risk of accidental or overly broad destructive operations caused by ambiguous prompts, hallucinated identifiers, or unsafe automation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal