sage-payroll
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [SAFE]: The skill defines a standard integration flow using the Membrane platform to interact with the Sage Payroll API. It utilizes the vendor's official infrastructure for authentication and request proxying, which is a secure design pattern for this type of service.
- [EXTERNAL_DOWNLOADS]: The skill references the installation and use of the
@membranehq/cliNode.js package. This is a legitimate resource owned and maintained by the skill vendor (Membrane) to facilitate communication with their platform. - [CREDENTIALS_UNSAFE]: The skill documentation explicitly instructs users and the agent to avoid manual secret handling. It recommends using the Membrane connection manager to handle authentication server-side, preventing sensitive credentials from being exposed in the agent's environment or prompt history.
Audit Metadata