peoplehr
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage via npm. This is the official command-line interface provided by the platform vendor for interacting with their services. - [COMMAND_EXECUTION]: The instructions utilize the
membraneCLI to perform various tasks including authentication, connection management, and running PeopleHR actions. - [SAFE]: The skill explicitly promotes the use of managed connections, instructing that the agent should never ask for or store raw API keys or tokens locally.
- [SAFE]: Data ingestion surface (Indirect Prompt Injection): 1. Ingestion points: External HR data is ingested through
membrane action runandmembrane requestcommands in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: The skill uses themembraneCLI for network operations and data retrieval. 4. Sanitization: Not specified. The reliance on the platform's structured actions and proxy provides a mitigated environment for processing external data.
Audit Metadata