bamboohr-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill exposes a significant surface for indirect prompt injection because it ingests untrusted data from an external HR system.
- Ingestion points: The skill retrieves data through tools like 'BAMBOOHR_GET_EMPLOYEE' and 'BAMBOOHR_GET_ALL_EMPLOYEES', which return fields like 'notes' and personal profiles; these are user-controlled text and can carry embedded instructions.
- Boundary markers: Absent. The instructions do not define delimiters or instruct the agent to ignore instructions embedded within the retrieved HR data.
- Capability inventory: The skill provides access to write/update tools such as 'BAMBOOHR_UPDATE_EMPLOYEE' and 'BAMBOOHR_UPDATE_TIME_OFF_REQUEST', which injected instructions could cause the agent to invoke.
- Sanitization: There is no evidence of sanitization, validation, or escaping of the external data before it is processed by the agent.
Audit Metadata