bamboohr-core-workflow-a
Facilitates employee management and reporting through BambooHR workflows, enabling CRUD operations and directory synchronization.
Install this skill
Security score
The bamboohr-core-workflow-a skill was audited on May 19, 2026 and we found 11 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 45 | const newEmpRes = await fetch(`${BASE}/employees/`, { |
Template literal with variable interpolation in command context
| 64 | console.log(`Created employee ID: ${newId}`); |
Template literal with variable interpolation in command context
| 71 | await fetch(`${BASE}/employees/${newId}/`, { |
Template literal with variable interpolation in command context
| 104 | 'GET', `/employees/changed/?since=${lastSyncTimestamp}`, |
Template literal with variable interpolation in command context
| 118 | result.errors.push(`Employee ${empId}: ${(err as Error).message}`); |
Template literal with variable interpolation in command context
| 144 | console.log(` ${dept}: ${count}`); |
Template literal with variable interpolation in command context
| 157 | console.log(`Report: ${savedReport.title}`); |
External URL reference
| 62 | // e.g., "https://api.bamboohr.com/.../v1/employees/456" |
External URL reference
| 217 | - [BambooHR Create Employee](https://documentation.bamboohr.com/reference/add-employee-2) |
External URL reference
| 218 | - [BambooHR Table Fields](https://documentation.bamboohr.com/docs/table-name-fields) |
External URL reference
| 219 | - [BambooHR Field Names](https://documentation.bamboohr.com/docs/list-of-field-names) |