workday
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill follows security best practices by delegating authentication to an external CLI tool that manages secrets server-side, ensuring that sensitive Workday API keys are never exposed in the prompt or local environment.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/clipackage from the official NPM registry. This package is an official tool provided by the vendor (membranedev) to facilitate secure integrations. - [COMMAND_EXECUTION]: The skill uses the
membranecommand-line utility to perform specific Workday operations like searching for workers or running actions. These commands are used for their intended purpose within the integration framework.
Audit Metadata