Pact Foundation
Security checks across malware telemetry and agentic risk
Overview
This skill appears to be a real Pact Foundation integration, but it gives an agent broad authenticated API access through Membrane without explicit safeguards for write or delete operations.
Install only if you trust Membrane with delegated access to your Pact environment. Prefer discovered Membrane actions first, use the least-privileged Pact connection available, and require the agent to show the exact endpoint, method, payload, and expected effect before any write or delete request.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.