gusto

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from NPM. This is a verified tool from the skill's author (Membrane) used for authentication and API interaction.
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands via the membrane CLI to manage connections and run actions. This includes dynamic action creation on the Membrane platform.
  • [DATA_EXFILTRATION]: The skill's primary function is to access and modify sensitive HRIS data, including employee compensation, payroll records, and personal information. It correctly delegates credential handling to the Membrane platform to avoid local secret exposure.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of external HR data.
      • Ingestion points: Data retrieved from the Gusto API (e.g., employee names, job descriptions, or department notes) enters the agent's context through CLI output.
      • Boundary markers: Absent. The instructions do not provide delimiters or warnings to treat data from Gusto as untrusted.
      • Capability inventory: The agent can execute CLI commands, create new actions, and modify HR records.
      • Sanitization: Absent. There is no evidence of filtering or validation of the content retrieved from Gusto before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 30, 2026, 03:20 AM