Procountor

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Procountor integration, but it gives an agent broad authenticated access to sensitive financial records without clear confirmation safeguards.

Install only if you trust the publisher and Membrane connection. Use a least-privilege Procountor account where possible, treat the skill as capable of reading and changing sensitive financial records, and require the agent to show the exact action, endpoint, target record, and expected effect before any write, delete, payment, import, or bulk operation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill description is broad enough that an agent may invoke it for many vaguely related requests involving Procountor data, including sensitive financial operations. In a finance integration, over-broad routing increases the chance of unnecessary access, data exposure, or unintended record modifications without sufficiently explicit user intent.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: This skill operates on financial, payroll, invoice, banking, and accounting data, yet the markdown does not warn that actions may access or modify highly sensitive business records. Without an explicit warning and confirmation requirement, users or agents may initiate risky operations without understanding the privacy, compliance, and financial consequences.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal