paycor
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the membrane command-line interface to perform authentication, search for connectors, and execute actions against the Paycor API.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the @membranehq/cli package via npm to facilitate communication with the Membrane platform.
- [PROMPT_INJECTION]: The skill acts as an interface between user input and the Paycor API, creating a surface for indirect prompt injection if untrusted data is processed. • Ingestion points: User-supplied parameters and Paycor API response data. • Boundary markers: No explicit delimiters or boundary markers are defined to isolate data from instructions. • Capability inventory: The skill can execute CLI commands that perform network requests and data modification. • Sanitization: The instructions do not define specific sanitization or validation logic for external data inputs.
Audit Metadata