zentao
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata and instructions direct the installation of the
@chenish/zentao-mcp-agentpackage via NPM. - The package is a vendor-owned resource associated with the author 'chenish'.
- [COMMAND_EXECUTION]: The skill functions by invoking the
zentao-cliandzentao-mcpcommand-line interfaces. - Capabilities include extensive ZenTao operations such as
task create,task update,addEstimate, and project iteration management. - [PROMPT_INJECTION]: The skill includes a 'Smart Link Resolver' feature that ingests and processes content from external URLs provided in conversation.
- Ingestion points: Untrusted content is extracted from arbitrary URLs provided by users and passed to the agent context (SKILL.md, Section 5).
- Boundary markers: No specific delimiters or instructions to ignore embedded commands within the extracted content are mentioned.
- Capability inventory: The skill possesses significant capabilities to write data, update statuses, and log effort within the ZenTao instance.
- Sanitization: The skill description does not specify methods for sanitizing or validating the content retrieved from external links before processing.
Audit Metadata