gusto
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
@membranehq/clito perform HRIS management tasks, execute pre-defined actions, and send proxy requests to the Gusto API. - [EXTERNAL_DOWNLOADS]: Recommends the installation of the
@membranehq/clipackage from the npm registry to enable the integration. - [PROMPT_INJECTION]: The skill ingests untrusted data from the external Gusto HRIS platform (such as employee profiles and payroll records), which constitutes a surface for indirect prompt injection.
- Ingestion points: Data enters the agent context through the
membrane action runandmembrane requestcommands. - Boundary markers: The instructions do not define delimiters or specific "ignore" commands to separate instructions from the fetched external data.
- Capability inventory: The skill has the capability to execute shell commands via the CLI and perform network operations through the proxy.
- Sanitization: There is no evidence of filtering or validation of the external content before it is processed by the agent.
Audit Metadata