Personio

Security checks across malware telemetry and agentic risk

Overview

This Personio skill is a legitimate HR integration, but it gives agents broad authenticated access to sensitive employee data, including write/delete operations and raw API proxy requests, without enough guardrails.

Install only if you trust Membrane and intend to let an agent access Personio. Use a least-privilege Personio account, prefer vetted read-only actions, require explicit approval before any create/update/delete or proxy request, and revoke the connection when the task is finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill advertises destructive operations such as deleting and updating attendance and time-off records without any caution, authorization checks, or confirmation guidance. In an HR context, these actions can alter payroll-relevant and employee records, so omission of safety guardrails materially increases the risk of accidental or unauthorized changes.

Missing User Warnings

Medium
Confidence: 92%
Finding
The proxy-request feature enables arbitrary direct API access through an authenticated connection, but the documentation does not warn that this can bypass higher-level action constraints and operate on sensitive HR data. In practice, this expands the attack surface to any reachable Personio endpoint and makes unintended or unsafe data access and modification easier.

VirusTotal

63/63 vendors flagged this skill as clean.
