bamboohr-ci-integration
Automates CI/CD pipelines for BambooHR integrations using GitHub Actions, enhancing testing and deployment efficiency.
Install this skill
Security score
The bamboohr-ci-integration skill was audited on May 19, 2026 and we found 15 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 54 | ```yaml |
Template literal with variable interpolation in command context
| 126 | http.get(`${BASE}/employees/directory`, () => |
Template literal with variable interpolation in command context
| 133 | http.get(`${BASE}/employees/:id/`, () => |
Template literal with variable interpolation in command context
| 136 | http.post(`${BASE}/reports/custom`, () => |
Template literal with variable interpolation in command context
| 140 | http.get(`${BASE}/employees/ratelimited`, () => |
Template literal with variable interpolation in command context
| 222 | ```yaml |
Webhook reference - potential data exfiltration
| 48 | # Optional: webhook testing |
Webhook reference - potential data exfiltration
| 49 | gh secret set BAMBOOHR_WEBHOOK_SECRET --body "your-webhook-hmac-secret" |
Access to .env file
| 182 | const HAS_CREDS = !!process.env.BAMBOOHR_API_KEY && !!process.env.BAMBOOHR_COMPANY_DOMAIN; |
Access to .env file
| 186 | companyDomain: process.env.BAMBOOHR_COMPANY_DOMAIN!, |
Access to .env file
| 187 | apiKey: process.env.BAMBOOHR_API_KEY!, |
External URL reference
| 109 | "https://api.bamboohr.com/api/gateway.php/${BAMBOOHR_COMPANY_DOMAIN}/v1/employees/directory") |
External URL reference
| 123 | const BASE = 'https://api.bamboohr.com/api/gateway.php/testco/v1'; |
External URL reference
| 242 | "https://api.bamboohr.com/api/gateway.php/${BAMBOOHR_COMPANY_DOMAIN}/v1/employees/directory") |
External URL reference
| 274 | - [MSW for Testing](https://mswjs.io/) |