deel
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
bash -cto executecurlcommands and pipe the output tojqfor processing. This pattern is explicitly used to ensure that theDEEL_TOKENenvironment variable is correctly handled within the shell context during command pipelines. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to
api.deel.com, which is the official domain for the Deel REST API. These requests are used to retrieve or modify organizational data such as contracts, people profiles, and time-off requests. - [DATA_EXFILTRATION]: While the skill transmits a sensitive
DEEL_TOKEN, it does so exclusively to the official Deel API endpoints for authentication. There is no evidence of data being sent to unauthorized or suspicious third-party domains.
Audit Metadata