adp-workforce
Warn
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the Membrane CLI globally via
npm install -g @membranehq/cli@latest. This fetches the tool from the public npm registry.- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute various shell commands using themembraneCLI, including authentication, connection management, and action execution.- [REMOTE_CODE_EXECUTION]: The commandmembrane action createenables the creation of new functionality based on natural language descriptions. This involves the dynamic generation and deployment of code within the Membrane platform environment.- [DATA_EXFILTRATION]: The skill accesses and processes highly sensitive HR and payroll data (e.g., demographics, pay distributions) from ADP Workforce Now via the Membrane API integration.- [PROMPT_INJECTION]: The skill features a surface for indirect prompt injection by processing external data from API responses. - Ingestion points: External data enters via
membrane action runandmembrane action listoutputs. - Boundary markers: No explicit delimitation or instructions to ignore embedded commands are present in the documentation.
- Capability inventory: The agent has the ability to execute shell commands and interact with the CLI as specified in SKILL.md.
- Sanitization: No sanitization or validation logic is defined for the external data ingested from API actions.
Audit Metadata