workday-soap

SUSPICIOUS: the stated purpose matches the advertised capability, and the CLI install path is relatively normal via npm, but the skill centralizes authentication and Workday data access through Membrane as an intermediary rather than direct official Workday API usage. That third-party routing and credential handling are proportionate enough to avoid a malicious verdict, yet still create meaningful trust and data-flow risk for sensitive enterprise data.