bamboohr-automation
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from an external HR system and possesses state-changing capabilities.
- Ingestion points: Data enters the agent context through
BAMBOOHR_GET_ALL_EMPLOYEES,BAMBOOHR_GET_EMPLOYEE, andBAMBOOHR_GET_TIME_OFF_REQUESTSas defined inSKILL.md. - Boundary markers: The instructions do not define clear delimiters or system-level warnings to the agent to disregard instructions found within the retrieved HR data.
- Capability inventory: The skill allows the agent to perform write operations via
BAMBOOHR_UPDATE_EMPLOYEE,BAMBOOHR_CREATE_TIME_OFF_REQUEST, andBAMBOOHR_UPDATE_TIME_OFF_REQUEST(found inSKILL.md). - Sanitization: There is no evidence of sanitization or validation of the content retrieved from BambooHR before it is processed by the agent.
Audit Metadata