eploy
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the npm registry. This is the official command-line tool provided by the vendor to interact with the Membrane platform. - [COMMAND_EXECUTION]: The instructions utilize the
membraneCLI to perform several operations, including logging in, ensuring connections to the Eploy service, and executing API actions. - [DATA_EXFILTRATION]: The skill uses a proxy request mechanism to communicate with the Eploy API. This architecture allows the Membrane platform to manage authentication headers and token refreshes server-side, preventing the exposure of sensitive credentials in the local environment.
- [PROMPT_INJECTION]: The skill processes recruitment data (Jobs, Candidates, Users) retrieved from the Eploy API.
- Ingestion points: Results from
membrane action runandmembrane request. - Boundary markers: None present.
- Capability inventory: Shell command execution via the Membrane CLI, including authenticated API requests.
- Sanitization: Not explicitly defined in the skill instructions.
Audit Metadata