bamboohr-hello-world
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates secure credential management by instructing the user to use environment variables (BAMBOOHR_API_KEY) and .env files for authentication, avoiding hardcoded secrets.
- [SAFE]: Network requests are directed only to the official BambooHR API domain (api.bamboohr.com).
- [PROMPT_INJECTION]: The skill fetches data from an external API (BambooHR) which is then processed by the agent. While this creates a potential surface for indirect injection, the risk is inherent to the skill's primary purpose of HR data integration.
  - Ingestion points: API responses in the TypeScript and Python examples.
  - Boundary markers: None present in the code snippets.
  - Capability inventory: Read, Write, Edit, Bash.
  - Sanitization: None performed on the retrieved API data.
Audit Metadata