Google Appsheet

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Google AppSheet integration, but it needs review because it allows full-URL authenticated proxy requests beyond AppSheet-specific paths.

Install only if you are comfortable granting Membrane delegated access to the relevant Google AppSheet account. Prefer discovered Membrane actions, avoid full-URL proxy requests unless the destination is verified as intended, and explicitly approve any create, update, delete, or raw API operation before it runs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 98% confidence
Finding: The skill explicitly allows passing a full URL to the proxy request feature, which expands a Google Appsheet integration into a generic authenticated network client. That violates the declared scope of the skill and can enable SSRF-like behavior, access to unintended third-party endpoints, or policy bypass if an agent uses this capability without strict validation.

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: Permitting arbitrary destination URLs is not necessary for a skill whose stated purpose is interacting with Google Appsheet data. This broad network capability increases the attack surface substantially because an agent could be induced to make requests to unrelated or sensitive endpoints under the guise of using the Appsheet skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal