Fullcontact

Security checks across malware telemetry and agentic risk

Overview

This FullContact skill is coherent, but it gives an agent broad access to sensitive customer identity data, including deletion and raw API requests, without enough confirmation safeguards.

Install only if you trust Membrane and want an agent to operate on FullContact customer identity data. Use a least-privileged account where possible, review the FullContact connection scope, and require explicit user confirmation before deletes, identity mapping, enrichment involving personal data, or raw proxy API calls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly documents raw proxy requests to FullContact APIs but does not warn that these requests may include or retrieve highly sensitive personal/customer data such as identity, contact, and enrichment records. In a privacy-sensitive integration, omission of safeguards around data minimization, consent, logging, and redaction can lead agents to transmit PII too broadly or expose it in prompts, terminals, or stored outputs.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The documentation advertises a destructive delete action for identity records without warning that deletion may be irreversible or have downstream effects on customer identity state. An agent following these instructions could delete records without confirmation, causing data loss or disruption to identity resolution workflows.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal