zerone-cli

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various system and CLI commands such as pnpm, zerone, date, and echo, which requires the agent to have full system permissions. These permissions are utilized to modify local project files, configuration files, and interact with Node.js modules.
  • [EXTERNAL_DOWNLOADS]: Fetches configuration and assets from external sources, including API definitions from the vendor's domain (genapi-giime.giikin.com) and font resources from the well-known Alibaba Iconfont service (at.alicdn.com).
  • [PROMPT_INJECTION]: Contains a potential surface for indirect prompt injection through the ingestion of external data that influences code generation.
      • Ingestion points: Retrieves API documentation from genapi-giime.giikin.com and CSS configuration from at.alicdn.com to generate or update local source files.
      • Boundary markers: The provided instructions do not specify any boundary markers or delimiters for the ingested external data.
      • Capability inventory: The skill has the capability to modify source code, update environment variables, and change project configurations.
      • Sanitization: There is no documentation of sanitization or validation processes applied to the external content before it is incorporated into the codebase.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 06:35 AM