Skills
skills/membranedev/application-skills/sage-payroll/Gen Agent Trust Hub

sage-payroll

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI from npm (@membranehq/cli). This is a well-known tool from the skill's author (membranedev) used for managing integrations.
  • [COMMAND_EXECUTION]: The skill uses membrane CLI commands to perform operations. These commands are restricted to managing connections, discovering actions, and making authorized API requests through the Membrane platform.
  • [CREDENTIALS_UNSAFE]: The skill correctly follows security best practices by delegating authentication to the Membrane platform. It explicitly instructs never to ask for API keys and uses membrane login for secure, token-based authentication.
  • [DATA_EXFILTRATION]: Network operations are performed through the Membrane proxy, which manages authentication headers and base URLs. There are no patterns suggesting data exfiltration to unauthorized third parties.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 07:37 PM
Security Audit — agent-trust-hub — sage-payroll