isolved
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the @membranehq/cli package from the official NPM registry to enable interaction with the Membrane infrastructure.
- [COMMAND_EXECUTION]: Uses the membrane CLI to perform authentication, query available actions, and execute API calls against Isolved.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface when processing data from the HRIS system.
- Ingestion points: External data enters the agent context via the output of membrane action run and membrane request commands.
- Boundary markers: The instructions do not define specific delimiters or warnings to isolate external data from the agent's instructions.
- Capability inventory: The skill allows the agent to execute actions that can modify remote data and perform arbitrary HTTP requests via the Membrane proxy.
- Sanitization: No validation or sanitization of the retrieved employee or payroll data is performed before it is presented to the agent.
Audit Metadata