jazzhr
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the '@membranehq/cli' package from the NPM registry to facilitate integration with the JazzHR service. This is a standard dependency for skills utilizing the Membrane platform.\n- [PROMPT_INJECTION]: The skill processes external data from JazzHR (applicants, jobs, and users), creating a potential surface for indirect prompt injection. 1. Ingestion points: Data is retrieved from the JazzHR API through 'membrane action run' and 'membrane request' commands. 2. Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are defined in the skill for processing this data. 3. Capability inventory: The skill can execute predefined actions and arbitrary API requests via the 'membrane' CLI. 4. Sanitization: No explicit validation or sanitization of JazzHR data is implemented in the skill instructions.\n- [SAFE]: No malicious patterns, obfuscation, or persistence mechanisms were detected. The skill uses a secure authentication model that avoids direct handling of API keys by the agent or user.
Audit Metadata