personio
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package via NPM. This is a standard installation of a verified vendor-provided tool for interacting with the Membrane platform.
- [COMMAND_EXECUTION]: It utilizes the membrane CLI to perform authenticated operations and API requests. These commands are transparently described and necessary for the HRIS management functionality.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection via the data it processes from Personio. 1. Ingestion points: Data from list-employees and get-custom-report actions (SKILL.md). 2. Boundary markers: None identified. 3. Capability inventory: CLI execution for HR data management and network proxy requests (SKILL.md). 4. Sanitization: No specific data sanitization is mentioned, which is a standard characteristic of such integrations.
Audit Metadata