bullhorn
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/cliNode.js package. This is a vendor-owned resource used to facilitate communication between the agent and the Membrane platform. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to execute CRM actions and perform API requests. This includes running predefined recruitment tasks and sending proxy requests to the Bullhorn API. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it ingests data from the external Bullhorn API.
- Ingestion points: Data enters the agent's context through
membrane action run,membrane action list, andmembrane requestcalls documented in SKILL.md. - Boundary markers: There are no explicit delimiters or instructions provided to prevent the agent from obeying commands embedded within the retrieved CRM data.
- Capability inventory: The skill possesses capabilities to write to the Bullhorn API and execute various recruitment-related actions via the CLI (SKILL.md).
- Sanitization: No sanitization, validation, or filtering logic is present to process the external data before it is interpreted by the agent.
Audit Metadata