Google Address Validation

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Google Address Validation integration, but users should understand it sends address data through Membrane and Google and requires installing Membrane's CLI.

Install only if you trust Membrane and are comfortable using its CLI and delegated Google connection. Review the permissions during login, avoid submitting sensitive addresses unless external processing by Membrane and Google is acceptable, and ask the agent to show any raw proxy request before it runs it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs the agent to send direct proxy requests to an external API without warning that user-supplied address data will leave the local context and be transmitted to Google via Membrane. Because postal addresses are often personal data, this can cause unintended disclosure or privacy/compliance issues if the user is not clearly informed and consenting.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal