humaans
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI from the npm registry using `npm install -g @membranehq/cli`. This is a standard installation of the vendor's official tooling.
- [COMMAND_EXECUTION]: The skill relies on the `membrane` CLI to perform operations such as searching for connectors, managing connections, and executing actions. These commands are used to interact with the Humaans API through the vendor's infrastructure.
- [DATA_EXFILTRATION]: While the skill accesses sensitive HRIS data (employee records, time off), it does so via the Membrane proxy which manages authentication and encryption. There is no evidence of unauthorized exfiltration of local system data.
- [REMOTE_CODE_EXECUTION]: The skill uses `npx @membranehq/cli@latest` to discover actions. This pattern involves downloading and executing the latest version of the vendor's CLI at runtime, which is standard behavior for this ecosystem.
Audit Metadata