workday
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the Membrane CLI (
@membranehq/cli) to interact with Workday. This is a well-known tool from the skill's author context ('membranedev'), which manages authentication and API requests securely. - [SAFE]: The
npm install -g @membranehq/clicommand refers to the vendor's own CLI tool, which is expected for the skill's functionality. - [SAFE]: All external URLs (getmembrane.com, github.com/membranedev, community.workday.com) are legitimate and correspond to the vendor or the official service provider.
- [SAFE]: The skill follows security best practices by advising against asking users for API keys or tokens, instead delegating credential management to the Membrane platform.
Audit Metadata