lattice
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the official NPM registry to facilitate communication with the Lattice API.
- [COMMAND_EXECUTION]: The skill uses the membrane CLI to execute commands for authentication, connection management, and running specific platform actions.
- [DATA_EXFILTRATION]: Data is transmitted to the Lattice API endpoints via the membrane request proxy, which is the primary intended functionality of the skill for managing HR data.
- [PROMPT_INJECTION]: The skill documentation contains an extensive list of unrelated keywords ranging from 'Blockchain' to 'National Security'. This serves as a form of topic poisoning that could mislead an agent's context or relevance retrieval systems, although it does not constitute a direct command injection exploit.
Audit Metadata