Eightfold

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Eightfold integration, but it gives an agent broad authenticated access to sensitive HR data and write-capable API requests without clear guardrails.

Install only if you intend to let the agent access Eightfold through Membrane. Use a least-privilege Eightfold/Membrane connection, prefer discovered Membrane actions over raw proxy calls, and require explicit approval before any write, delete, export, bulk operation, or request involving employee, candidate, compensation, performance, billing, or administrative data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill description is broad enough that an agent may invoke it for loosely related Eightfold or HR tasks without clear scoping, increasing the chance of unnecessary access to enterprise HR data or accidental external actions. In a talent-management context, over-broad triggering is more dangerous because the underlying system can expose or modify sensitive candidate and employee records.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The proxy request section encourages direct API calls without warning about the sensitivity of HR, recruiting, and candidate information that may be transmitted or modified. Because Eightfold commonly contains PII and employment-related data, unrestricted proxy guidance can lead to accidental exfiltration, over-collection, or unsafe write operations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal