bamboohr-local-dev-loop
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill instructions and provided code samples follow secure development practices.
- [CREDENTIALS_UNSAFE]: The skill recommends using .env and .env.local files for sensitive API keys and domains, specifically noting that these should be git-ignored. This is a standard and recommended security practice for local development.
- [EXTERNAL_DOWNLOADS]: The skill references standard, widely-used development dependencies (tsx, vitest, msw, typescript, and dotenv) from the official NPM registry. No unverified or suspicious external dependencies are included.
- [DATA_EXFILTRATION]: Network operations are scoped to the official BambooHR API domain (api.bamboohr.com) and are used exclusively for legitimate data retrieval (employee directory and profiles) as defined by the skill's purpose.
Audit Metadata