Ceridian Dayforce
Security checks across malware telemetry and agentic risk
Overview
This Dayforce integration is coherent, but it deserves review because it enables broad authenticated access to sensitive HR and payroll data, including write and delete API requests.
Install only if you trust Membrane and intend to let an agent operate Dayforce through your connected account. Use the least-privileged Dayforce account possible, prefer discovered read-only actions, and require explicit confirmation before any create, update, delete, payroll, employee, absence, or time-off change.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.